cbcvebase.
CVE-2018-6065
published 2018-11-14

Priority: P1, 85, high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Tags: KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability, due 2022-06-22
Exploited in the wild
EPSS: 58.82% (99.0th percentile)

Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| google | chrome | < 65.0.3325.146 | 65.0.3325.146 |
| google | chrome | >= unspecified < 65.0.3325.146 | 65.0.3325.146 |
| redhat | enterprise_linux_desktop | | |
| redhat | enterprise_linux_server | | |
| redhat | enterprise_linux_workstation | | |

Detection & IOCs (extracted from sources)

path: C:\ProgramData\Microsoft\Windows\SystemProcessHost.exe
url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44584.zip
filename: issue_808192.html
  • Alert on creation of executable at C:\ProgramData\Microsoft\Windows\SystemProcessHost.exe, which is the hardcoded Stage 2 drop path used by the shellcode.
  • The shellcode uses a custom API hashing algorithm seeded with the constant 0x5010101010101203; scan memory of suspicious processes for this seed value to identify the implant.
  • The Stage 2 payload was never retrieved because the C&C returned a 404 HTTP code during analysis; the final payload and its capabilities are unknown.
  • The exploit template (issue_808192.html) requires a server-side script (server.py) to patch version-dependent constants at runtime, meaning static signatures on the HTML file alone may miss dynamically patched variants.

CVSS provenance

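| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |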