CVE-2018-17478

Published: Jun 27, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 70.0.3538.102

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

https://crbug.com/897512

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/897512

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.