CVE-2018-6092

HIGH

Google Chrome < 66.0.3359.117 - Remote Code Execution via WebAssembly Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6092. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits an integer overflow in V8's WebAssembly decoder on 32-bit platforms, bypassing a local count check to trigger memory corruption. The crafted WebAssembly module manipulates function locals to achieve this.

Description

An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdosmultiple

https://www.exploit-db.com/exploits/44860

View Code ZIP pw:eip

This PoC exploits an integer overflow in V8's WebAssembly decoder on 32-bit platforms, bypassing a local count check to trigger memory corruption. The crafted WebAssembly module manipulates function locals to achieve this.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Google V8 Engine (32-bit platforms)

No auth needed

Prerequisites: 32-bit platform · V8 engine with WebAssembly support

MITRE ATT&CK