Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6129Out-of-bounds Read in Google Chrome

CWE-125Out-of-bounds Read10 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
6.2%
top 9.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Google Chrome
Timeline
PublishedJun 27
Latest updateMay 24

Description

Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5google/chromeunspecified67.0.3396.62
NVDgoogle/chrome< 67.0.3396.62

🔴Vulnerability Details

3
GHSA
GHSA-cgw7-3f4w-4c8f: Out of bounds array access in WebRTC in Google Chrome prior to 672022-05-24
OSV
CVE-2018-6129: Out of bounds array access in WebRTC in Google Chrome prior to 672019-06-27
Project0
Adventures in Video Conferencing Part 1: The Wild World of WebRTC - Project Zero2018-12-01

💥Exploits & PoCs

1
Exploit-DB
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access2018-06-08

📋Vendor Advisories

1
Red Hat
chromium-browser: Out of bounds memory access in WebRTC2018-05-29

💬Community

4
Bugzilla
VP9 Missing Frame Processing Out-of-Bounds Memory Access2018-06-08
Bugzilla
CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-05-30
Bugzilla
CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-05-30
Bugzilla
CVE-2018-6129 chromium-browser: Out of bounds memory access in WebRTC2018-05-30