Multiple vulnerabilities in Google Chrome
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 34 |
| CVE-ID | CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6090 CVE-2018-6089 CVE-2018-6092 CVE-2018-6095 CVE-2018-6094 CVE-2018-6093 CVE-2018-6091 CVE-2018-6099 CVE-2018-6101 CVE-2018-6106 CVE-2018-6109 CVE-2018-6110 CVE-2018-6112 CVE-2018-6114 CVE-2018-6115 CVE-2018-6116 CVE-2018-6117 CVE-2018-6111 CVE-2018-6098 CVE-2018-6097 CVE-2018-6096 CVE-2018-6113 CVE-2018-6108 CVE-2018-6107 CVE-2018-6105 CVE-2018-6104 CVE-2018-6103 CVE-2018-6102 CVE-2018-6100 CVE-2018-6084 |
| CWE-ID | CWE-416 CWE-122 CWE-20 CWE-190 CWE-451 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 34 vulnerabilities.
1) Use-after-free error
EUVDB-ID: #VU11956
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6085
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free error
EUVDB-ID: #VU11961
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6086
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free error
EUVDB-ID: #VU11962
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6087
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free error
EUVDB-ID: #VU11963
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6088
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in PDFium. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU11967
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6090
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to heap-based buffer overflow in Skia. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security restrictions bypass
EUVDB-ID: #VU11968
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6089
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU11970
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6092
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security restrictions bypass
EUVDB-ID: #VU11972
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6095
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the lack of meaningful user interaction requirement before file upload. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Security restrictions bypass
EUVDB-ID: #VU11973
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6094
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to exploit hardening regression in Oilpan. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Security restrictions bypass
EUVDB-ID: #VU11974
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6093
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same origin restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Security restrictions bypass
EUVDB-ID: #VU11975
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6091
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of plug-ins by Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same origin policy restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Security restrictions bypass
EUVDB-ID: #VU11977
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6099
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CORS and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security restrictions bypass
EUVDB-ID: #VU11981
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6101
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to insufficient protection of remote debugging prototol in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Security restrictions bypass
EUVDB-ID: #VU11982
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6106
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of promises in V8. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Security restrictions bypass
EUVDB-ID: #VU11983
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6109
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of files by FileAPI. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Security restrictions bypass
EUVDB-ID: #VU11984
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6110
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of plaintext files via file://. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Security restrictions bypass
EUVDB-ID: #VU11985
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6112
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect URL handling in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Security restrictions bypass
EUVDB-ID: #VU11986
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6114
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to unspecified flaw. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CSP and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Security restrictions bypass
EUVDB-ID: #VU11988
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6115
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to unspecified flaw. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass SmartScreen in downloads and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Security restrictions bypass
EUVDB-ID: #VU11989
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6116
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect low memory handling in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Security restrictions bypass
EUVDB-ID: #VU11990
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6117
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error related to confusing autofill settings. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Heap-use-after-free error
EUVDB-ID: #VU11992
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6111
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-use-after-free error in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Spoofing attack
EUVDB-ID: #VU11995
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6098
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Spoofing attack
EUVDB-ID: #VU11996
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6097
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and conduct spoof the Fullscreen UI.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Spoofing attack
EUVDB-ID: #VU11997
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6096
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and conduct spoof the Fullscreen UI.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Spoofing attack
EUVDB-ID: #VU11998
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6113
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in Navigation. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Spoofing attack
EUVDB-ID: #VU11999
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6108
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Spoofing attack
EUVDB-ID: #VU12000
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6107
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Spoofing attack
EUVDB-ID: #VU12001
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6105
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Spoofing attack
EUVDB-ID: #VU12002
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6104
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Spoofing attack
EUVDB-ID: #VU12003
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6103
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in Permissions. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Spoofing attack
EUVDB-ID: #VU12004
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6102
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Spoofing attack
EUVDB-ID: #VU12005
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6100
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Security restrictions bypass
EUVDB-ID: #VU12006
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6084
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to incorrect use of Distributed Objects in Google Software Updater on MacOS. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
MitigationUpdate to version 66.0.3359.117.
Vulnerable software versionsGoogle Chrome: 63.0.3239.108 - 65.0.3325.181
External linkshttp://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
