Home

CVE-2018-6151

Description

Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.637

Associated Vulnerability

VulnerabilityOS Platform
Google Chrome (68.0.3440.75)Windows
Google Chrome (x64) (68.0.3440.75)Windows
Multiple vulnerabilities fixed in Updates for Google Chrome (x64) (66.0.3359.117)Windows
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117)Windows
chromium-browser security update(DSA-4256-1) chromium_68.0.3440.75-1~deb9u1_i386.debLinux
chromium-browser security update(DSA-4256-1) chromium_68.0.3440.75-1~deb9u1_amd64.debLinux
Google Chrome (68.0.3440.75) (For Debian)Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Debian)Linux
Google Chrome (68.0.3440.75) (For Centos)Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Centos)Linux
Google Chrome (68.0.3440.75) (For RedHat)Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For RedHat)Linux
Google Chrome (68.0.3440.75) (For Suse)Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Suse)Linux
Google Chrome (68.0.3440.75) (For Ubuntu)Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Ubuntu)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-307865Google Chrome (68.0.3440.75)
PATCH-307866Google Chrome (x64) (68.0.3440.75)
PATCH-313039Google Chrome (x64) (80.0.3987.122)
PATCH-313039Google Chrome (x64) (80.0.3987.122)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234