CVE-2018-17480
Published: 11 December 2018
Summary
CVE-2018-17480 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 3.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).
Deeper analysis
The vulnerability is an out-of-bounds write in the V8 JavaScript engine in Google Chrome versions prior to 71.0.3578.80. It stems from the engine executing user-supplied JavaScript in the middle of array deserialization, so state the deserializer has already validated can change under it; the weakness is tracked as CWE-787.
A remote attacker exploits the flaw by getting a victim to load a crafted HTML page; success yields arbitrary code execution inside the renderer sandbox. No privileges are required and the only user interaction is visiting the page. Because the code runs inside the sandbox, a separate sandbox-escape bug would be needed to reach the host, which is why in-the-wild use typically chains this kind of V8 bug with a second vulnerability.
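To make the mechanism concrete, here is an added illustration of the bug class the advisory names, not V8 code and not derived from the Chrome patch: a deserializer that validates the destination array once, caches its length and backing-store pointer, and then runs user-supplied code between element writes. The `ToyArray` type, the element hook standing in for user JavaScript, the arena-and-canary layout, and the sample wire data are all constructed for this example so that the stale write is observable rather than undefined behaviour. The hardened variant re-checks the live array on every write.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of "user code runs during array deserialization" (constructed
 * for this example; names, layout and sizes are assumptions, not V8's). */
#define ARENA_WORDS 16
#define CANARY 0xDEADBEEFu   /* marks memory that is NOT part of the live array */

typedef struct {
    uint32_t arena[ARENA_WORDS]; /* stands in for the heap; the store sits at the front */
    uint32_t *store;             /* current backing-store pointer */
    size_t len;                  /* current element count */
} ToyArray;

/* Runs after each element is written: stands in for user JavaScript (e.g. a
 * setter) that the engine executes while deserializing. */
typedef void (*ElementHook)(ToyArray *arr, size_t index);
typedef int (*Deserializer)(ToyArray *dst, const uint32_t *wire, size_t n, ElementHook hook);

static void array_init(ToyArray *a, size_t len) {
    for (size_t i = 0; i < ARENA_WORDS; i++) a->arena[i] = CANARY;
    a->store = a->arena;
    a->len = len;
    memset(a->arena, 0, len * sizeof(uint32_t));
}

/* Shrink the array: the tail [new_len, old_len) is "freed" and may now belong
 * to another object, modelled by refilling it with the canary. */
static void array_shrink(ToyArray *a, size_t new_len) {
    if (new_len >= a->len) return;
    for (size_t i = new_len; i < a->len; i++) a->arena[i] = CANARY;
    a->len = new_len;
}

/* Words outside the live array that no longer hold the canary: memory some
 * other object would see as corrupted. */
static size_t corrupted_words(const ToyArray *a) {
    size_t n = 0;
    for (size_t i = a->len; i < ARENA_WORDS; i++)
        if (a->arena[i] != CANARY) n++;
    return n;
}

/* VULNERABLE: bounds are checked once and the store pointer cached, then user
 * code runs inside the loop and can change both length and store. */
static int deserialize_vulnerable(ToyArray *dst, const uint32_t *wire, size_t n, ElementHook hook) {
    if (n > dst->len) return -1;      /* the only bounds check */
    uint32_t *store = dst->store;     /* cached raw pointer */
    for (size_t i = 0; i < n; i++) {
        store[i] = wire[i];           /* trusts the up-front check */
        if (hook) hook(dst, i);       /* user code: may shrink dst */
    }
    return 0;
}

/* HARDENED: re-validate against the live length and re-read the live store
 * pointer on every iteration, because the hook may have changed them. */
static int deserialize_hardened(ToyArray *dst, const uint32_t *wire, size_t n, ElementHook hook) {
    for (size_t i = 0; i < n; i++) {
        if (i >= dst->len) return -2; /* array changed under us: fail closed */
        dst->store[i] = wire[i];
        if (hook) hook(dst, i);
    }
    return 0;
}

/* Attacker-controlled hook: on the first element, shrink the array to one slot. */
static void hostile_hook(ToyArray *arr, size_t index) {
    if (index == 0) array_shrink(arr, 1);
}

/* Deserialize 4 constructed wire elements into an array of length 8 under the
 * hostile hook; returns clobbered word count, status through *rc. */
static size_t run_case(Deserializer deser, int *rc) {
    static const uint32_t wire[4] = {0x11, 0x22, 0x33, 0x44}; /* constructed sample input */
    ToyArray a;
    array_init(&a, 8);
    *rc = deser(&a, wire, 4, hostile_hook);
    return corrupted_words(&a);
}

static size_t corruption_with(Deserializer d) { int rc; return run_case(d, &rc); }
static int status_with(Deserializer d) { int rc; run_case(d, &rc); return rc; }

int main(void) {
    printf("vulnerable: rc=%d, words clobbered past the live array=%zu\n",
           status_with(deserialize_vulnerable), corruption_with(deserialize_vulnerable));
    printf("hardened:   rc=%d, words clobbered past the live array=%zu\n",
           status_with(deserialize_hardened), corruption_with(deserialize_hardened));
    return 0;
}
```

The vulnerable path reports three clobbered words (elements 1 to 3 written after the shrink) and a success status, which is the worst case for a deserializer: the caller believes the operation completed cleanly. The hardened path writes one element, notices the length change, and returns an error with nothing corrupted.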
Advisories and patches, including the Chrome stable channel update, Red Hat RHSA-2018:3803, and Gentoo GLSA-201908-18, direct users to upgrade to Chrome 71.0.3578.80 or later to address the issue.
The CVSS 3.1 base score is 8.8: network attack vector, low attack complexity, no privileges required, user interaction required (the victim must load the page), and high impact on confidentiality, integrity, and availability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-9233
Vulnerability details
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Google Chrome prior to 71.0.3578.80 (V8 JavaScript engine).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch (Chrome 71.0.3578.80 or later), which eliminates the out-of-bounds write during array deserialization.
- CM-6 (Configuration Settings): enforces configuration settings that block use of unpatched browser versions known to contain the V8 flaw.
- RA-5 (Vulnerability Monitoring and Scanning): requires scanning to discover instances of Chrome older than 71.0.3578.80 that remain exposed to the crafted-HTML exploit.
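A scanner for the RA-5 item needs a correct version comparison: a plain string compare would rank 71.0.3578.9 above 71.0.3578.80 and miss a vulnerable build. The following added example (not from the advisory, Google, or any vendor tool) parses dotted Chrome versions field by field and compares them against 71.0.3578.80, and also handles the line shape that `google-chrome --version` typically prints ("Google Chrome 70.0.3538.110"). Function names and the sample version strings are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed version named in the advisory. */
#define CHROME_FIXED_VERSION "71.0.3578.80"

/* Parse "70.0.3538.110" into up to 4 numeric fields. Missing trailing fields
 * count as 0; returns false on junk (non-digits, empty field, >4 fields). */
static bool parse_version(const char *s, unsigned long out[4]) {
    for (int i = 0; i < 4; i++) out[i] = 0;
    if (s == NULL || *s == '\0') return false;
    int field = 0;
    const char *p = s;
    while (*p != '\0') {
        if (field == 4) return false;            /* too many fields */
        if (*p < '0' || *p > '9') return false;  /* field must start with a digit */
        char *end;
        out[field++] = strtoul(p, &end, 10);
        p = end;
        if (*p == '.') {
            p++;
            if (*p == '\0') return false;        /* trailing dot */
        } else if (*p != '\0') {
            return false;                        /* junk after a field */
        }
    }
    return true;
}

/* strcmp-style result comparing field by field, numerically. */
static int compare_versions(const unsigned long a[4], const unsigned long b[4]) {
    for (int i = 0; i < 4; i++) {
        if (a[i] < b[i]) return -1;
        if (a[i] > b[i]) return 1;
    }
    return 0;
}

/* 1 = vulnerable (older than the fix), 0 = fixed, -1 = unparseable. */
static int chrome_is_vulnerable(const char *installed) {
    unsigned long have[4], fixed[4];
    if (!parse_version(installed, have)) return -1;
    parse_version(CHROME_FIXED_VERSION, fixed);
    return compare_versions(have, fixed) < 0 ? 1 : 0;
}

/* Pull the first dotted number out of a line such as
 * "Google Chrome 70.0.3538.110"; returns false if there is none. */
static bool extract_version(const char *line, char *out, size_t outsz) {
    for (const char *p = line; *p != '\0'; p++) {
        if (*p < '0' || *p > '9') continue;
        size_t n = 0;
        while ((*p >= '0' && *p <= '9') || *p == '.') {
            if (n + 1 >= outsz) return false;
            out[n++] = *p++;
        }
        out[n] = '\0';
        return strchr(out, '.') != NULL;         /* require at least one dot */
    }
    return false;
}

/* Convenience for inventory output: same 1/0/-1 contract as chrome_is_vulnerable. */
static int check_version_line(const char *line) {
    char ver[32];
    if (!extract_version(line, ver, sizeof ver)) return -1;
    return chrome_is_vulnerable(ver);
}

int main(void) {
    /* Constructed sample inventory lines, not real hosts. */
    const char *samples[] = {
        "Google Chrome 70.0.3538.110",
        "Google Chrome 71.0.3578.80",
        "Chromium 71.0.3578.98 Built on Ubuntu",
        "Google Chrome 71.0.3578.9",
        "Google Chrome",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = check_version_line(samples[i]);
        printf("%-40s -> %s\n", samples[i],
               r == 1 ? "VULNERABLE (patch to 71.0.3578.80+)" : r == 0 ? "fixed" : "unparseable");
    }
    return 0;
}
```

Treat the unparseable result as a finding, not a pass: a host whose browser version cannot be read is exactly the one a CM-6 allow-list would otherwise let through.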