CVE-2018-16083

HIGH

Google Chrome < 69.0.3497.81 - Out-of-bounds Read in WebRTC Forward Error Correction

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-16083. PoCs published by Google Security Research.

AI-analyzed exploit summary: The writeup describes an out-of-bounds read in WebRTC's FEC processing: processing a very short RTP packet triggers a heap-buffer-overflow. The ASAN crash log details the stack trace and memory allocation context.

Description

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/45444

Classification: Writeup 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: WebRTC (specific version not specified)
No auth needed
Prerequisites: Network access to send malformed RTP packets to a vulnerable WebRTC endpoint
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105215
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45444/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2666
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201811-10
Issue Tracking x_refsource_misc
https://crbug.com/856823

Scores

CVSS v3 8.8
EPSS 0.0526
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-125
Status published
Products (4)
google/chrome < 69.0.3497.81
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Jan 09, 2019
Tracked Since Feb 18, 2026