⚠ Actively exploited
Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: Apply updates per vendor instructions..

CVE-2018-17480Out-of-bounds Write in Google Chrome

CWE-787Out-of-bounds Write17 documents10 sources
Severity
8.8HIGHNVD
OSV9.8
EPSS
27.0%
top 3.62%
CISA KEV
KEV
Added 2022-06-08
Due 2022-06-22
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Google ChromeChromiumTHE Openjpeg Project Openjpeg2+4 more
Timeline
PublishedDec 11
KEV addedJun 8
KEV dueJun 22
Latest updateDec 5
CISA Required Action: Apply updates per vendor instructions.

Description

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5google/chromeunspecified71.0.3578.80
NVDgoogle/chrome< 71.0.3578.80
Debianchromium/chromium< 71.0.3578.80-1+3
Ubuntuthe_openjpeg_project/openjpeg2< 2.3.0-2build0.18.04.1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

5
GHSA
GHSA-rfp6-w338-jp8m: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 712022-05-14
OSV
openjpeg2 vulnerabilities2019-08-21
CVEList
CVE-2018-17480: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 712018-12-11
OSV
CVE-2018-17480: Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 712018-12-11
VulnCheck
Google Chromium V8 Out-of-Bounds Write Vulnerability2018

📋Vendor Advisories

3
CISA
Google Chromium V8 Out-of-Bounds Write Vulnerability2022-06-08
Red Hat
chromium-browser: Out of bounds write in V82018-12-04
Debian
CVE-2018-17480: chromium - Execution of user supplied Javascript during array deserialization leading to an...2018

🕵️Threat Intelligence

5
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks2024-12-05
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks2024-12-05
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks2024-12-05
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks2024-12-05
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks2024-12-05

💬Community

3
Bugzilla
CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-22018-12-05
Bugzilla
CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-22018-12-05
Bugzilla
CVE-2018-17480 chromium-browser: Out of bounds write in V82018-12-05
CVE-2018-17480 — Out-of-bounds Write in Google Chrome | cvebase