CVE-2018-17463

HIGH KEV

Google Chrome <70.0.3538.64 - RCE

Title source: llm

Description

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/48184
nomisec WORKING POC 11 stars
by jhalon · client-side
https://github.com/jhalon/CVE-2018-17463
nomisec WORKING POC 1 stars
by kdmarti2 · client-side
https://github.com/kdmarti2/CVE-2018-17463
metasploit WORKING POC MANUAL
by saelo, timwr · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_object_create.rb

References (8)

Scores

CVSS v3 8.8
EPSS 0.9220
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08
VulnCheck KEV 2019-09-24
InTheWild.io 2020-03-25
ENISA EUVD EUVD-2018-9216
Status published
Products (5)
debian/debian_linux 9.0
google/chrome < 70.0.3538.67
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Nov 14, 2018
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026