CVE-2018-6065
published 2018-11-14CVE-2018-6065: Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a…
PriorityP185high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-06-22
Exploited in the wild
EPSS
58.82%
99.0th percentile
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| chrome | < 65.0.3325.146 | 65.0.3325.146 | |
| chrome | >= unspecified < 65.0.3325.146 | 65.0.3325.146 | |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on creation of executable at C:\ProgramData\Microsoft\Windows\SystemProcessHost.exe, which is the hardcoded Stage 2 drop path used by the shellcode. ↗
- →The shellcode uses a custom API hashing algorithm seeded with the constant 0x5010101010101203; scan memory of suspicious processes for this seed value to identify the implant. ↗
- ·The Stage 2 payload was never retrieved because the C&C returned a 404 HTTP code during analysis; the final payload and its capabilities are unknown. ↗
- ·The exploit template (issue_808192.html) requires a server-side script (server.py) to patch version-dependent constants at runtime, meaning static signatures on the HTML file alone may miss dynamically patched variants. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vulncheck8.8HIGH
cisa8.8HIGH
vendor_redhat8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Google Chromium V8 Integer Overflow Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2018-6065 [HIGH] CWE-190 Google Chromium V8 Integer Overflow Vulnerability
Vulnerability: Google Chromium V8 Integer Overflow Vulnerability
Affected: Google Chromium V8
Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-6065
Remediation Due Date: 2022-06-22
Red Hat
chromium-browser: integer overflow in v8
vendor_redhat·2018-03-06·CVSS 8.8
CVE-2018-6065 [HIGH] chromium-browser: integer overflow in v8
chromium-browser: integer overflow in v8
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
GHSA
GHSA-cw7c-4r65-xf9h: Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65
ghsa_unreviewed·2022-05-13
CVE-2018-6065 [HIGH] CWE-190 GHSA-cw7c-4r65-xf9h: Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2018-6065: Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65
osv·2018-11-14·CVSS 8.8
CVE-2018-6065 [HIGH] CVE-2018-6065: Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
VulnCheck
Google Chromium V8 Integer Overflow Vulnerability
vulncheck·2018·CVSS 8.8
CVE-2018-6065 [HIGH] CWE-190 Google Chromium V8 Integer Overflow Vulnerability
Google Chromium V8 Integer Overflow Vulnerability
Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply updates per vendor instructions.
Exploitation References: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html; https://www.trendmicro.com/en_us/research/25/l/SHADOW-VOID-042.html; http
No detection rules found.
Trendmicro
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
blogs_trendmicro·2025-12-11
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
Phishing
# SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform.
By: Daniel Lunghi, Ian Kenefick, Feike Hacquebord
2025/12/11
Read time: ( words)
Save to Folio
Special thanks to Stephen Hilt.
## Key takeaways
- In November 2025, spear-phishing emails featuring a Trend Micro-themed social engineering lure were sent to various industry verticals – including defense, energy, chemical, cybersecurity (including Trend and a subsidiary), and ICT companies – where a decoy website mimicked Trend’s corporate style.
- The campaign utilized a multi-stage approach, tailoring every
Trendmicro
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
blogs_trendmicro·2025-12-11
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
Phishing
## SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform.
By: Daniel Lunghi, Ian Kenefick, Feike Hacquebord Dec 11, 2025 Read time: ( words)
Save to Folio
Special thanks to Stephen Hilt.
The subjects of the e-mails in the November 2025 campaign included:
Ensure Browser Security: Address Critical Vulnerabilities
Important: Protect Your Browser Against Recent Zero-Day Vulnerabilities
Important: TM security advisory and steps to protect your system
Important: Trend Micro security advisory and steps to protect your system
Security Advisory — Zero-Day Vulnerabil
Trendmicro
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
blogs_trendmicro·2025-12-11
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
Phishing
## SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform.
By: Daniel Lunghi, Ian Kenefick, Feike Hacquebord 2025/12/11 Read time: ( words)
Save to Folio
Special thanks to Stephen Hilt.
The subjects of the e-mails in the November 2025 campaign included:
Ensure Browser Security: Address Critical Vulnerabilities
Important: Protect Your Browser Against Recent Zero-Day Vulnerabilities
Important: TM security advisory and steps to protect your system
Important: Trend Micro security advisory and steps to protect your system
Security Advisory — Zero-Day Vulnerabilit
Trendmicro
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
blogs_trendmicro·2025-12-11
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
Phishing
## SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform.
By: Daniel Lunghi, Ian Kenefick, Feike Hacquebord Dec 11, 2025 Read time: ( words)
Save to Folio
Special thanks to Stephen Hilt.
The subjects of the emails in the November 2025 campaign included:
Ensure Browser Security: Address Critical Vulnerabilities
Important: Protect Your Browser Against Recent Zero-Day Vulnerabilities
Important: TM security advisory and steps to protect your system
Important: Trend Micro security advisory and steps to protect your system
Security Advisory — Zero-Day Vulnerabili
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Ciberamenazas
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi Dec 05, 2024 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primari
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyber Threats
# MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi
2024/12/05
Read time: ( words)
Save to Folio
#### Summary
- Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
- MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, prim
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyber Threats
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi 2024/12/05 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primarily
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyberbedrohungen
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi Dec 05, 2024 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, prim
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyber Threats
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi Dec 05, 2024 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primari
Bugzilla
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
bugzilla·2018-03-07·CVSS 8.8
CVE-2018-6057 [HIGH] CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 ... chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the releva
Bugzilla
CVE-2018-6065 chromium-browser: integer overflow in v8
bugzilla·2018-03-07·CVSS 8.8
CVE-2018-6065 [HIGH] CVE-2018-6065 chromium-browser: integer overflow in v8
CVE-2018-6065 chromium-browser: integer overflow in v8
An integer overflow flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=808192
External References:
https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1552502]
Affects: epel-7 [bug 1552504]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:0484 https://access.redhat.com/errata/RHSA-2018:0484
Bugzilla
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
bugzilla·2018-03-07·CVSS 8.8
CVE-2018-6057 [HIGH] CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-
CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 ... chromium: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-l
http://www.securityfocus.com/bid/103297https://access.redhat.com/errata/RHSA-2018:0484https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.htmlhttps://crbug.com/808192https://www.debian.org/security/2018/dsa-4182https://www.exploit-db.com/exploits/44584/https://www.zerodayinitiative.com/advisories/ZDI-19-367/http://www.securityfocus.com/bid/103297https://access.redhat.com/errata/RHSA-2018:0484https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.htmlhttps://crbug.com/808192https://www.debian.org/security/2018/dsa-4182https://www.exploit-db.com/exploits/44584/https://www.zerodayinitiative.com/advisories/ZDI-19-367/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6065
2018-11-14
Published
2022-06-08
Added to CISA KEV
Exploited in the wild