Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6126Out-of-bounds Write in Google Chrome

CWE-787Out-of-bounds Write13 documents9 sources
Severity
8.8HIGHNVD
EPSS
41.2%
top 2.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Google ChromeDebian LinuxRedhat Enterprise Linux Desktop+2 more
Timeline
PublishedJan 9
Latest updateMay 14

Description

A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5google/chromeunspecified67.0.3396.62
NVDgoogle/chrome< 67.0.3396.62

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-jhg2-2xh7-hgw9: A precision error in Skia in Google Chrome prior to 672022-05-14
OSV
CVE-2018-6126: A precision error in Skia in Google Chrome prior to 672019-01-09
CVEList
CVE-2018-6126: A precision error in Skia in Google Chrome prior to 672019-01-09

💥Exploits & PoCs

1
Exploit-DB
Skia - Heap Overflow in SkScan::FillPath due to Precision Error2018-07-27

📋Vendor Advisories

3
Ubuntu
Firefox vulnerability2018-06-12
Red Hat
Skia: Heap buffer overflow rasterizing paths in SVG2018-05-29
Debian
CVE-2018-6126: firefox - A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remot...2018

💬Community

5
Bugzilla
CVE-2018-6126 firefox: chromium-browser: Heap buffer overflow in Skia [fedora-all]2018-06-14
Bugzilla
CVE-2018-6126 Skia: Heap buffer overflow rasterizing paths in SVG2018-05-30
Bugzilla
CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-05-30
Bugzilla
CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-05-30
Bugzilla
Firefox/Skia: Heap overflow in SkScan::FillPath due to precision error2018-05-18
CVE-2018-6126 — Out-of-bounds Write in Google Chrome | cvebase