6.8
CVSSv2

CVE-2018-6064

Published: 14/11/2018 Updated: 02/05/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome before 65.0.3325.146 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerability Trend

Vendor Advisories

Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 6503325146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page ...
Synopsis Important: chromium-browser security update Type/Severity Security Advisory: Important Topic An update for chromium-browser is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Several vulnerabilities have been discovered in the chromium web browser CVE-2018-6056 lokihardt discovered an error in the v8 javascript library CVE-2018-6057 Gal Beniamini discovered errors related to shared memory permissions CVE-2018-6060 Omair discovered a use-after-free issue in blink/webkit CVE-2018-6061 Guang Gong disco ...

Exploits

/* Here's a snippet of the method cschromiumorg/chromium/src/v8/src/elementscc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe<bool> CollectValuesOrEntriesImpl( Isolate* isolate, Handle<JSObject> object, Handle<FixedArray> values_or_entries, bool get_entries, int* nof_items, Pr ...

Mailing Lists

Chrome V8 suffers from a type confusion vulnerability in ElementsAccessorBase::CollectValuesOrEntriesImpl ...

Github Repositories

A collection of JavaScript engine CVEs with PoCs

Case Study of JavaScript Engine Vulnerabilities V8 CVE Number Feature Keywords Credit CVE-2013-6632 TypedArray Integer Overflow, OOB Pinkie Pie CVE-2014-1705 TypedArray Invalid Array Length, OOB geohot CVE-2014-3176 Arrayconcat Side Effect, OOB lokihardt CVE-2014-7927 Optimization asmjs, OOB Christian Holler CVE-2014-7928 Optimization Array Christian Holler C

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :