← Back

CVE-2018-6065

nvd nist
Published: Nov 14, 2018Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected (6)

Show all products
Google: Chrome · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Debian: Debian Linux · Mi: Mi6 Browser
Google
1 product
Chrome
Redhat
3 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Debian
1 product
Debian Linux
Mi
1 product
Mi6 Browser
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Chrome
Before 65.0.3325.146
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Server
Version 6.0
Enterprise Linux Workstation
Version 6.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Mi6 Browser
All versions

Related CWEs

CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (15)

Source: chrome-cve-admin@google.com
Broken LinkThird Party AdvisoryVDB Entry
Source: chrome-cve-admin@google.com
Third Party Advisory
Source: chrome-cve-admin@google.com
Release NotesVendor Advisory
Source: chrome-cve-admin@google.com
ExploitIssue Tracking
Source: chrome-cve-admin@google.com
Mailing ListThird Party Advisory
Source: chrome-cve-admin@google.com
ExploitThird Party AdvisoryVDB Entry
Source: chrome-cve-admin@google.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.