10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.965 High
EPSS
Percentile
99.6%
Google Chrome Releases reports:
45 security fixes in this release:
[758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02
[794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12
[780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31
[789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30
[792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07
[798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03
[808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01
[799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05
[779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30
[779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30
[799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu and Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08
[668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25
[777318] Medium CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous on 2017-10-23
[791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01
[804118] Medium CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair on 2018-01-20
[809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06
[608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03
[758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24
[778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26
[793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10
[788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24
[792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05
[797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24
[767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-09-21
[771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.965 High
EPSS
Percentile
99.6%