CVE-2018-16083
published 2019-01-09

Priority: P355 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.26% (91.5th percentile)

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | chrome | < 69.0.3497.81 | 69.0.3497.81 |
| google | chrome | >= unspecified < 69.0.3497.81 | 69.0.3497.81 |
| redhat | enterprise_linux_desktop | | |
| redhat | enterprise_linux_server | | |
| redhat | enterprise_linux_workstation | | |

Detection & IOCs (extracted from sources)

  • Trigger condition: sending a very short RTP packet over a WebRTC connection causes FEC (ULPFEC) processing to read beyond the allocated buffer in XorPayloads, observable as a heap-buffer-overflow READ in ASAN builds
  • Crash occurs in the call chain: XorPayloads → ForwardErrorCorrection::RecoverPacket → AttemptRecovery → DecodeFec → UlpfecReceiverImpl::ProcessReceivedFec → RtpVideoStreamReceiver::ParseAndHandleEncapsulatingHeader; monitor for abnormal termination or ASAN signals along this path
  • The vulnerability is exploitable via a crafted HTML page that establishes a WebRTC peer connection and sends malformed RTP packets; delivery vector is a remote web page
  • Affected component is Google Chrome prior to version 69.0.3497.81; flag any Chrome installations below this version as unpatched
  • The out-of-bounds read occurs 0 bytes past the end of a 1520-byte heap allocation; the read size is only 1 byte, limiting direct data-exfiltration impact but still constituting an exploitable memory disclosure primitive
  • Exploitation requires the victim to visit a crafted HTML page that initiates a WebRTC RTCPeerConnection; no additional user interaction beyond page load is needed

CVSS provenance

| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |