CVE-2018-6064
Published 2018-11-14
CVE-2018-6064: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap…
Priority P259 · high · 8.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.89% (93.3th percentile)
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| | chrome | < 65.0.3325.146 | 65.0.3325.146 |
| | chrome | >= unspecified < 65.0.3325.146 | 65.0.3325.146 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
Detection & IOCs (extracted from sources)
URL: https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051
- Trigger pattern involves defining a getter via __defineGetter__ on a sparse array, then calling Object.entries() to trigger type confusion in ElementsAccessorBase::CollectValuesOrEntriesImpl.
- The vulnerability is triggered when a getter callback changes the elements kind of an array during iteration in CollectValuesOrEntriesImpl, leading to type confusion in GetEntryForIndexImpl. Monitor for crafted HTML pages invoking Object.entries() on arrays with __defineGetter__ callbacks that mutate array structure.
- Exploitation targets Google Chrome versions prior to 65.0.3325.146; presence of older Chrome versions in the environment is a risk indicator.
- The exploit is delivered via a crafted HTML page; no network-based IOC (domain/IP) is associated with the PoC itself, so detection must rely on behavioral/JS pattern analysis.
- The upstream Chromium bug tracker entry (798644) and full technical details may be restricted; the PoC on Exploit-DB represents the publicly available reproduction case.
CVSS provenance
- nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
- osv · 8.8 HIGH
- vendor_redhat · 8.8 HIGH
Red Hat
chromium-browser: type confusion in v8
vendor_redhat·2018-03-06·CVSS 8.8
CVE-2018-6064 [HIGH] chromium-browser: type confusion in v8
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
GHSA
GHSA-694g-qcvr-75cx: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65
ghsa_unreviewed·2022-05-14
CVE-2018-6064 [HIGH] CWE-704 GHSA-694g-qcvr-75cx: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2018-6064: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65
osv·2018-11-14·CVSS 8.8
CVE-2018-6064 [HIGH] CVE-2018-6064: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
No detection rules found.
Bugzilla
qt5-qtwebengine: 16 security vulnerabilities
bugzilla·2018-03-24·CVSS 6.1
CVE-2017-15429 [MEDIUM] qt5-qtwebengine: 16 security vulnerabilities
Description of problem:
An update [https://bodhi.fedoraproject.org/updates/FEDORA-2018-b844991a97] is available fixing 16 security vulnerabilities in the qt5-qtwebengine currently in F28 Beta:
* CVE-2017-15429
* CVE-2018-6033 (claimed fixed in 5.10.1, but the fix was incomplete and had no effect; the update adds the missing part to make the fix effective)
* CVE-2018-6060
* CVE-2018-6062
* CVE-2018-6064
* CVE-2018-6069
* CVE-2018-6071
* CVE-2018-6073
* CVE-2018-6076
* CVE-2018-6079
* CVE-2018-6081
* CVE-2018-6082
* Chromium (security) Bug 770734
* Chromium (security) Bug 774833
* Chromium (security) Bug 798410
* Chromium (security) Bug 789764
I am therefore proposing this update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b844991a97
as
Bugzilla
CVE-2018-6064 chromium-browser: type confusion in v8
bugzilla·2018-03-07·CVSS 8.8
CVE-2018-6064 [HIGH] CVE-2018-6064 chromium-browser: type confusion in v8
A type confusion flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=798644
External References:
https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1552502]
Affects: epel-7 [bug 1552504]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:0484 https://access.redhat.com/errata/RHSA-2018:0484
Bugzilla
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
bugzilla·2018-03-07·CVSS 8.8
CVE-2018-6057 [HIGH] CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 ... chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the releva
Bugzilla
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
bugzilla·2018-03-07·CVSS 8.8
CVE-2018-6057 [HIGH] CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 ... chromium: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-l
- http://www.securityfocus.com/bid/103297
- https://access.redhat.com/errata/RHSA-2018:0484
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://crbug.com/798644
- https://www.debian.org/security/2018/dsa-4182
- https://www.exploit-db.com/exploits/44394/
- https://www.zerodayinitiative.com/advisories/ZDI-19-368/

Published: 2018-11-14