CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17480

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score38.1350%
EPSS Percentile92.95th
PublishedDec 11, 2018
Last ModifiedOct 24, 2025

Vulnerability Description

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Affected Platforms (CPE)

πŸ“¦
Google

Chrome

< 71.0.3578.80
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106084
πŸ”— https://access.redhat.com/errata/RHSA-2018:3803
πŸ”— https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
πŸ”— https://crbug.com/905940
πŸ”— https://security.gentoo.org/glsa/201908-18
πŸ”— https://www.debian.org/security/2018/dsa-4352
πŸ”— http://www.securityfocus.com/bid/106084
πŸ”— https://access.redhat.com/errata/RHSA-2018:3803

Related Vulnerabilities

CVE-2004-076410.0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "c...

CVE-2009-247110.0

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers...

CVE-2021-3397010.0

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CVE-2009-266510.0

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when cert...