{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"lessThan": "71.0.3578.80", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-12-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Out of bounds write", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-17T20:06:09.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://crbug.com/905940"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"}, {"name": "RHSA-2018:3803", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3803"}, {"name": "DSA-4352", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4352"}, {"name": "106084", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106084"}, {"name": "GLSA-201908-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-18"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2018-17480", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_affected": "<", "version_value": "71.0.3578.80"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out of bounds write"}]}]}, "references": {"reference_data": [{"name": "https://crbug.com/905940", "refsource": "MISC", "url": "https://crbug.com/905940"}, {"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"}, {"name": "RHSA-2018:3803", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3803"}, {"name": "DSA-4352", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4352"}, {"name": "106084", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106084"}, {"name": "GLSA-201908-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-18"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:47:04.868Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/905940"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"}, {"name": "RHSA-2018:3803", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3803"}, {"name": "DSA-4352", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4352"}, {"name": "106084", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106084"}, {"name": "GLSA-201908-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-18"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-17480", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:16:06.991096Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-06-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "timeline": [{"time": "2022-06-08T00:00:00+00:00", "lang": "en", "value": "CVE-2018-17480 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:45:46.405Z"}}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2018-17480", "datePublished": "2018-12-11T15:00:00.000Z", "dateReserved": "2018-09-25T00:00:00.000Z", "dateUpdated": "2025-10-21T23:45:46.405Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://crbug.com/905940", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:3803", "name": "RHSA-2018:3803", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://www.debian.org/security/2018/dsa-4352", "name": "DSA-4352", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/106084", "name": "106084", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201908-18", "name": "GLSA-201908-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:47:04.868Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-17480", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:16:06.991096Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-06-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480"}}}], "timeline": [{"lang": "en", "time": "2022-06-08T00:00:00+00:00", "value": "CVE-2018-17480 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:15:31.757Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "71.0.3578.80", "versionType": "custom"}]}], "datePublic": "2018-12-11T00:00:00.000Z", "references": [{"url": "https://crbug.com/905940", "tags": ["x_refsource_MISC"]}, {"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:3803", "name": "RHSA-2018:3803", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://www.debian.org/security/2018/dsa-4352", "name": "DSA-4352", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://www.securityfocus.com/bid/106084", "name": "106084", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://security.gentoo.org/glsa/201908-18", "name": "GLSA-201908-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}], "descriptions": [{"lang": "en", "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Out of bounds write"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2019-08-17T20:06:09.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "71.0.3578.80", "version_affected": "<"}]}, "product_name": "Chrome"}]}, "vendor_name": "Google"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://crbug.com/905940", "name": "https://crbug.com/905940", "refsource": "MISC"}, {"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3803", "name": "RHSA-2018:3803", "refsource": "REDHAT"}, {"url": "https://www.debian.org/security/2018/dsa-4352", "name": "DSA-4352", "refsource": "DEBIAN"}, {"url": "http://www.securityfocus.com/bid/106084", "name": "106084", "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201908-18", "name": "GLSA-201908-18", "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out of bounds write"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-17480", "STATE": "PUBLIC", "ASSIGNER": "[email protected]"}}}}, "cveMetadata": {"cveId": "CVE-2018-17480", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:45:46.405Z", "dateReserved": "2018-09-25T00:00:00.000Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2018-12-11T15:00:00.000Z", "assignerShortName": "Chrome"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Google Chromium V8 Out-of-Bounds Write Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEC84646-AE0E-403B-903F-35E2D073FDC9", "versionEndExcluding": "71.0.3578.80", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}, {"lang": "es", "value": "Ejecuci\u00f3n de c\u00f3digo JavaScript proporcionado por el usuario durante una deserializaci\u00f3n de arrays, la cual provoca una escritura fuera de l\u00edmites en la versi\u00f3n \"V8\" de Google Chrome en versiones anteriores a la 71.0.3578.80, permit\u00eda a un atacante remoto ejecutar c\u00f3digo arbitrario dentro de un sandbox mediante una p\u00e1gina HTML manipulada."}], "id": "CVE-2018-17480", "lastModified": "2025-10-24T14:11:02.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2018-12-11T16:29:00.623", "references": [{"source": "[email protected]", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106084"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3803"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking"], "url": "https://crbug.com/905940"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-18"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4352"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://crbug.com/905940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201908-18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4352"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3803", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:71.0.3578.80-1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2018-12-10T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: Out of bounds write in V8", "id": "1656547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656547"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."], "name": "CVE-2018-17480", "public_date": "2018-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-17480\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17480\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Important"}