GSD-2018-17480 — Vulnetix

Try Vulnetix Request Demo

GSD-2018-17480 PUBLISHED CVSS 8.800000190734863 HIGH

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Google	Chrome	unspecified

Timeline

Dec 5, 2018 CVE Published
Sep 25, 2019 PoC Published
Oct 9, 2020 PoC Published
Jun 14, 2023 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Mar 3, 2025 PoC Published
Feb 2, 2026 PoC Published
Apr 17, 2026 Distribution Patch
Apr 17, 2026 Distribution Patch
Apr 17, 2026 Security Advisory
Apr 17, 2026 Security Advisory

References

GLSA-201908-18 advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480 advisory
RHSA-2018:3803 advisory
DSA-4352 advisory
https://crbug.com/905940 url
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html url
106084 vdb

Open in Interactive Console →