← Back

CVE-2018-17472

nvd nist
Published: Nov 14, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.6
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 6.0
Source: NVD

Description

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.

Affected (5)

Google
1 product
Chrome
Redhat
3 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Debian
1 product
Debian Linux
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Chrome
Before 70.0.3538.67
Running on/withPlatform Versions
Apple
Iphone Os
All versions
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Server
Version 6.0
Enterprise Linux Workstation
Version 6.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: chrome-cve-admin@google.com
Source: chrome-cve-admin@google.com
Source: chrome-cve-admin@google.com
Source: chrome-cve-admin@google.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.