CVE-2018-17462Use After Free in Google Chrome

CWE-416Use After Free8 documents6 sources
Severity
9.6CRITICALNVD
EPSS
1.3%
top 20.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeDebian LinuxRedhat Linux Desktop+2 more
Timeline
PublishedNov 14
Latest updateMay 13

Description

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages5 packages

CVEListV5google/chromeunspecified70.0.3538.67
NVDgoogle/chrome< 70.0.3538.67

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-p3c6-hv53-xj57: Incorrect refcounting in AppCache in Google Chrome prior to 702022-05-13
OSV
CVE-2018-17462: Incorrect refcounting in AppCache in Google Chrome prior to 702018-11-14
CVEList
CVE-2018-17462: Incorrect refcounting in AppCache in Google Chrome prior to 702018-11-14

📋Vendor Advisories

1
Red Hat
chromium-browser: Sandbox escape in AppCache2018-10-16

💬Community

3
Bugzilla
CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-22018-10-17
Bugzilla
CVE-2018-17462 chromium-browser: Sandbox escape in AppCache2018-10-17
Bugzilla
CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-22018-10-17
CVE-2018-17462 — Use After Free in Google Chrome | cvebase