CVE-2018-17470Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
7.4HIGHNVD
EPSS
1.5%
top 18.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeDebian LinuxRedhat Enterprise Linux Desktop+2 more
Timeline
PublishedJan 9
Latest updateMay 14

Description

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages5 packages

CVEListV5google/chromeunspecified70.0.3538.67
NVDgoogle/chrome< 70.0.3538.67

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-4764-h9h5-c5jx: A heap buffer overflow in GPU in Google Chrome prior to 702022-05-14
CVEList
CVE-2018-17470: A heap buffer overflow in GPU in Google Chrome prior to 702019-01-09
OSV
CVE-2018-17470: A heap buffer overflow in GPU in Google Chrome prior to 702019-01-09

📋Vendor Advisories

1
Red Hat
chromium-browser: Memory corruption in GPU Internals2018-10-16

💬Community

3
Bugzilla
CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-22018-10-17
Bugzilla
CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-22018-10-17
Bugzilla
CVE-2018-17470 chromium-browser: Memory corruption in GPU Internals2018-10-17
CVE-2018-17470 — Google Chrome vulnerability | cvebase