VDB
CVE-2018-18358
CVE-2018-18358
PUBLISHED
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
EPSS 0.11% · 29.3th percentile
Risk Scores
EPSS Score
0.11%
29.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | chromium-browser | 59.0.3071.109-0ubuntu0.16.04.1291, 62.0.3202.89-0ubuntu0.16.04.1315, 63.0.3239.84-0ubuntu0.16.04.1 |
| Ubuntu:18.04:LTS | chromium-browser | 61.0.3163.100-0ubuntu1.1378, 62.0.3202.89-0ubuntu1.1386, 63.0.3239.84-0ubuntu1 |
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480 (circl)
- DSA-4352 (circl)
- RHSA-2018:3803 (circl)
- https://crbug.com/905940 (circl)
- 106084 (circl)
- GLSA-201908-18 (circl)
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html (circl)
- CIRCL exploited: CVE-2018-17480 (circl-sighting)
- CIRCL seen: CVE-2018-17480 (circl-sighting)
- CIRCL seen: CVE-2018-17480 (circl-sighting)
…and 4 more exploits
Timeline
- Dec 5, 2018 CVE Published
- Sep 25, 2019 PoC Published
- Oct 9, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-18358 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-18358 third-party-advisory