Home

CVE-2018-18356

Description

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.565

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Google Chrome (x64) (71.0.3578.80)Windows
Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80)Windows
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (71.0.3578.80)Mac
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.16.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.18.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.18.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.18.10.1_amd64.debLinux
Mozilla Open Source web browser (USN-3874-1) firefox_65.0.1+build2-0ubuntu0.18.10.1_i386.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.16.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.18.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.18.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.18.10.1_i386.debLinux
Mozilla Open Source web browser (USN-3896-1) firefox_65.0.1+build2-0ubuntu0.18.10.1_amd64.debLinux
firefox-esr security update(DSA-4391-1) firefox-esr_60.5.1esr-1~deb9u1_i386.debLinux
firefox-esr security update(DSA-4391-1) firefox-esr_60.5.1esr-1~deb9u1_amd64.debLinux
thunderbird security update(DSA-4392-1) thunderbird_60.5.1-1~deb9u1_i386.debLinux
thunderbird security update(DSA-4392-1) thunderbird_60.5.1-1~deb9u1_amd64.debLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-60.6.1esr-109.63.2.x86_64.rpmLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debuginfo-60.6.1esr-109.63.2.x86_64.rpmLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-debugsource-60.6.1esr-109.63.2.x86_64.rpmLinux
SUSE-SU-2019:0852-1(SUSE Linux Enterprise Desktop 12-SP3 ) MozillaFirefox-translations-common-60.6.1esr-109.63.2.x86_64.rpmLinux
(RHSA-2019:1144) thunderbird security update thunderbird-60.6.1-1.el8.x86_64.rpmLinux
(RHSA-2019:1144) thunderbird security update thunderbird-debugsource-60.6.1-1.el8.x86_64.rpmLinux
Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Debian)Linux
Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Centos)Linux
Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For RedHat)Linux
Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Suse)Linux
Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Ubuntu)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-313039Google Chrome (x64) (80.0.3987.122)
PATCH-313038Google Chrome (80.0.3987.122)
PATCH-609673Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234