CVE-2018-17480
Published: 2018-12-11
Priority: P184 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (due 2022-06-22)
Exploited in the wild
EPSS: 34.29% (98.2th percentile)
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 71.0.3578.80-1 | 71.0.3578.80-1 |
| chromium | chromium | >= 0 < 71.0.3578.80-1 | 71.0.3578.80-1 |
| chromium | chromium | >= 0 < 71.0.3578.80-1 | 71.0.3578.80-1 |
| chromium | chromium | >= 0 < 71.0.3578.80-1 | 71.0.3578.80-1 |
| debian | chromium | < chromium 71.0.3578.80-1 (bookworm) | chromium 71.0.3578.80-1 (bookworm) |
| debian | debian_linux | — | — |
| — | chrome | < 71.0.3578.80 | 71.0.3578.80 |
| — | chrome | >= unspecified < 71.0.3578.80 | 71.0.3578.80 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| the_openjpeg_project | openjpeg2 | >= 0 < 2.3.0-2build0.18.04.1 | 2.3.0-2build0.18.04.1 |
Detection & IOCs
- The vulnerability is triggered via a crafted HTML page delivering user-supplied JavaScript during array deserialization, causing an out-of-bounds write in V8; any Google Chrome version prior to 71.0.3578.80 is affected and should be flagged.
- Multiple Chromium-based browsers are in scope for detection, not only Google Chrome: Microsoft Edge and Opera builds using the affected V8 engine below version 71.0.3578.80 are included as well.
- Exploitation is sandboxed: arbitrary code execution is confined within the browser sandbox, and a sandbox escape would be required for full system compromise.
- The upstream Chromium bug report (crbug 905940) may contain additional technical detail but is referenced only by ID in available sources; consult it directly for PoC or deeper analysis.
CVSS provenance
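| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |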
CISA
Google Chromium V8 Out-of-Bounds Write Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2018-17480 [HIGH] CWE-787 Google Chromium V8 Out-of-Bounds Write Vulnerability
Vulnerability: Google Chromium V8 Out-of-Bounds Write Vulnerability
Affected: Google Chromium V8
Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-17480
Remediation Due Date: 2022-06-22
Red Hat
chromium-browser: Out of bounds write in V8
vendor_redhat·2018-12-04·CVSS 8.8
CVE-2018-17480 [HIGH] chromium-browser: Out of bounds write in V8
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Debian
CVE-2018-17480: chromium - Execution of user supplied Javascript during array deserialization leading to an...
vendor_debian·2018·CVSS 8.8
CVE-2018-17480 [HIGH] CVE-2018-17480: chromium - Execution of user supplied Javascript during array deserialization leading to an...
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 71.0.3578.80-1)
bullseye: resolved (fixed in 71.0.3578.80-1)
forky: resolved (fixed in 71.0.3578.80-1)
sid: resolved (fixed in 71.0.3578.80-1)
trixie: resolved (fixed in 71.0.3578.80-1)
GHSA
GHSA-rfp6-w338-jp8m: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71
ghsa_unreviewed·2022-05-14
CVE-2018-17480 [HIGH] CWE-787 GHSA-rfp6-w338-jp8m: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
OSV
openjpeg2 vulnerabilities
osv·2019-08-21·CVSS 9.8
CVE-2017-17480 openjpeg2 vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain PGX files. An
attacker could possibly use this issue to cause a denial of service or possibly
remote code execution. (CVE-2017-17480)
It was discovered that OpenJPEG incorrectly handled certain files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2018-14423)
It was discovered that OpenJPEG incorrectly handled certain PNM files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-18088)
It was discovered that OpenJPEG incorrectly handled certain BMP files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-5785, CVE-2018-6616)
OSV
CVE-2018-17480: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71
osv·2018-12-11·CVSS 8.8
CVE-2018-17480 [HIGH] CVE-2018-17480: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
VulnCheck
Google Chromium V8 Out-of-Bounds Write Vulnerability
vulncheck·2018·CVSS 8.8
CVE-2018-17480 [HIGH] CWE-787 Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply updates per vendor instructions.
Exploitation References: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Remediation Due: 2022-06-22
No detection rules found.
No public exploits indexed.
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
Cyber Threats
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi · Dec 05, 2024
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primarily
Bugzilla
CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 ... chromium: various flaws [fedora-all]
bugzilla·2018-12-05·CVSS 8.8 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the releva
Bugzilla
CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 ... chromium: various flaws [epel-7]
bugzilla·2018-12-05·CVSS 8.8 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-l
Bugzilla
CVE-2018-17480 chromium-browser: Out of bounds write in V8
bugzilla·2018-12-05·CVSS 8.8
CVE-2018-17480 [HIGH] CVE-2018-17480 chromium-browser: Out of bounds write in V8
An out of bounds write flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=905940
External References:
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1656576]
Affects: fedora-all [bug 1656575]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:3803 https://access.redhat.com/errata/RHSA-2018:3803
- http://www.securityfocus.com/bid/106084
- https://access.redhat.com/errata/RHSA-2018:3803
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://crbug.com/905940
- https://security.gentoo.org/glsa/201908-18
- https://www.debian.org/security/2018/dsa-4352
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480
2018-12-11: Published
2022-06-08: Added to CISA KEV
Exploited in the wild