cbcvebase.
CVE-2018-6064
published 2018-11-14

CVE-2018-6064: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap…

Priority: P259 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.89% (93.3rd percentile)
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

6 ranges

Vendor   Product                        Version range                     Fixed in
debian   debian_linux                   -                                 -
google   chrome                         < 65.0.3325.146                   65.0.3325.146
google   chrome                         >= unspecified < 65.0.3325.146    65.0.3325.146
redhat   enterprise_linux_desktop       -                                 -
redhat   enterprise_linux_server        -                                 -
redhat   enterprise_linux_workstation   -                                 -

Detection & IOCs (extracted from sources)

url: https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051
command: Object.entries(arr).toString()
  • Trigger pattern involves defining a getter via __defineGetter__ on a sparse array, then calling Object.entries() to trigger type confusion in ElementsAccessorBase::CollectValuesOrEntriesImpl
  • The vulnerability is triggered when a getter callback changes the elements kind of an array during iteration in CollectValuesOrEntriesImpl, leading to type confusion in GetEntryForIndexImpl — monitor for crafted HTML pages invoking Object.entries() on arrays with __defineGetter__ callbacks that mutate array structure
  • Exploitation targets Google Chrome versions prior to 65.0.3325.146; presence of older Chrome versions in the environment is a risk indicator
  • The exploit is delivered via a crafted HTML page; no network-based IOC (domain/IP) is associated with the PoC itself, so detection must rely on behavioral/JS pattern analysis
  • The upstream Chromium bug tracker entry (798644) and full technical details may be restricted; the PoC on Exploit-DB represents the publicly available reproduction case

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.0      8.8     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd             v2.0      6.8     MEDIUM     AV:N/AC:M/Au:N/C:P/I:P/A:P
osv             -         8.8     HIGH       -
vendor_redhat   -         8.8     HIGH       -