Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for mi6_browser by mi

    CVE-2019-6743 (GCVE-0-2019-6743)

    Vulnerability from nvd – Published: 2019-06-03 18:16 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466.
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Xiaomi Browser Affected: prior to 10.4.0
    Create a notification for this product.
    Credits
    fluoroacetate
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.176Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Browser",
              "vendor": "Xiaomi",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 10.4.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "fluoroacetate"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-03T18:16:26.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "zdi-disclosures@trendmicro.com",
              "ID": "CVE-2019-6743",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 10.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Xiaomi"
                  }
                ]
              }
            },
            "credit": "fluoroacetate",
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466."
                }
              ]
            },
            "impact": {
              "cvss": {
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2019-6743",
        "datePublished": "2019-06-03T18:16:26.000Z",
        "dateReserved": "2019-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6065 (GCVE-0-2018-6065)

    Vulnerability from nvd – Published: 2018-11-14 15:00 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Integer overflow
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    Google Chrome Affected: unspecified , < 65.0.3325.146 (custom)
    Create a notification for this product.
    Date Public
    2018-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:54:52.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://crbug.com/808192"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
              },
              {
                "name": "103297",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103297"
              },
              {
                "name": "RHSA-2018:0484",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0484"
              },
              {
                "name": "44584",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44584/"
              },
              {
                "name": "DSA-4182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-6065",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T17:16:27.972489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-06-08",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6065"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:46.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6065"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-06-08T00:00:00.000Z",
                "value": "CVE-2018-6065 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "65.0.3325.146",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-30T19:06:00.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://crbug.com/808192"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
            },
            {
              "name": "103297",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103297"
            },
            {
              "name": "RHSA-2018:0484",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0484"
            },
            {
              "name": "44584",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44584/"
            },
            {
              "name": "DSA-4182",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2018-6065",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Chrome",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "65.0.3325.146"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Google"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://crbug.com/808192",
                  "refsource": "MISC",
                  "url": "https://crbug.com/808192"
                },
                {
                  "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
                  "refsource": "CONFIRM",
                  "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
                },
                {
                  "name": "103297",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103297"
                },
                {
                  "name": "RHSA-2018:0484",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0484"
                },
                {
                  "name": "44584",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44584/"
                },
                {
                  "name": "DSA-4182",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4182"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2018-6065",
        "datePublished": "2018-11-14T15:00:00.000Z",
        "dateReserved": "2018-01-23T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:46.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6743 (GCVE-0-2019-6743)

    Vulnerability from cvelistv5 – Published: 2019-06-03 18:16 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466.
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Xiaomi Browser Affected: prior to 10.4.0
    Create a notification for this product.
    Credits
    fluoroacetate
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.176Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Browser",
              "vendor": "Xiaomi",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 10.4.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "fluoroacetate"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-03T18:16:26.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "zdi-disclosures@trendmicro.com",
              "ID": "CVE-2019-6743",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 10.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Xiaomi"
                  }
                ]
              }
            },
            "credit": "fluoroacetate",
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466."
                }
              ]
            },
            "impact": {
              "cvss": {
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2019-6743",
        "datePublished": "2019-06-03T18:16:26.000Z",
        "dateReserved": "2019-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6065 (GCVE-0-2018-6065)

    Vulnerability from cvelistv5 – Published: 2018-11-14 15:00 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Integer overflow
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    Google Chrome Affected: unspecified , < 65.0.3325.146 (custom)
    Create a notification for this product.
    Date Public
    2018-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:54:52.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://crbug.com/808192"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
              },
              {
                "name": "103297",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103297"
              },
              {
                "name": "RHSA-2018:0484",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0484"
              },
              {
                "name": "44584",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44584/"
              },
              {
                "name": "DSA-4182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-6065",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T17:16:27.972489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-06-08",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6065"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:46.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6065"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-06-08T00:00:00.000Z",
                "value": "CVE-2018-6065 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "65.0.3325.146",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-30T19:06:00.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://crbug.com/808192"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
            },
            {
              "name": "103297",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103297"
            },
            {
              "name": "RHSA-2018:0484",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0484"
            },
            {
              "name": "44584",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44584/"
            },
            {
              "name": "DSA-4182",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2018-6065",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Chrome",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "65.0.3325.146"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Google"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://crbug.com/808192",
                  "refsource": "MISC",
                  "url": "https://crbug.com/808192"
                },
                {
                  "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
                  "refsource": "CONFIRM",
                  "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
                },
                {
                  "name": "103297",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103297"
                },
                {
                  "name": "RHSA-2018:0484",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0484"
                },
                {
                  "name": "44584",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44584/"
                },
                {
                  "name": "DSA-4182",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4182"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-367/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2018-6065",
        "datePublished": "2018-11-14T15:00:00.000Z",
        "dateReserved": "2018-01-23T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:46.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }