VDB
CVE-2018-6084
CVE-2018-6084
PUBLISHED
CVSS 7.199999809265137 HIGH
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
EPSS 0.12% · 31.0th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
0.12%
31.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| chrome | 0 | |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 9.0 |
| Chrome | * | |
| redhat | enterprise_linux_server | 6.0 |
Exploit Intelligence
- CIRCL exploited: CVE-2018-6084 (circl-sighting)
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html (circl)
- 103468 (circl)
- https://crbug.com/822424 (circl)
- 103917 (circl)
- 44307 (cve.org)
- Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation Exploit (0day-today)
- Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation Exploit (0day-today)
Timeline
- Mar 20, 2018 PoC Published
- Mar 20, 2018 PoC Published
- Jan 9, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
References
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html url
- 44307 exploit
- 103468 vdb
- https://crbug.com/822424 url
- 103917 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2018-6084 advisory
- https://www.exploit-db.com/exploits/44307 url
- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29 advisory