CVE-2018-6055
published 2018-09-25

CVE-2018-6055: Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside…

Priority: P274 high
CVSS 3.0: 8.8 (AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H)
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 1.14% (62.7th percentile)

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
google | chrome | < 64.0.3282.119 | 64.0.3282.119
google | chrome | >= unspecified < 64.0.3282.119 | 64.0.3282.119

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered via a crafted HTML page delivered remotely, targeting insufficient policy enforcement in Chrome's Catalog Service to escape the sandbox
  • Vulnerable versions of Google Chrome are prior to 64.0.3282.119; any deployment running an older version is at risk of sandbox escape via Catalog Service policy enforcement bypass

CVSS provenance

nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | 8.8 | HIGH
vulncheck | 8.8 | HIGH
vendor_redhat | 8.8 | HIGH