CVE-2018-18343 : Security Advisory and Response
Learn about CVE-2018-18343, a Google Chrome vulnerability allowing heap corruption via crafted HTML pages. Find mitigation steps and update information here.
A vulnerability in Skia in Google Chrome versions before 71.0.3578.80 resulted in improper handling of paths, potentially leading to a use after free issue. This flaw could have been exploited by a malicious actor using a specially crafted HTML page.
Understanding CVE-2018-18343
What is CVE-2018-18343?
Incorrect handling of paths in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
The Impact of CVE-2018-18343
The vulnerability could lead to a use after free issue, potentially allowing a malicious actor to cause heap corruption.
Technical Details of CVE-2018-18343
Vulnerability Description
- Vulnerability in Skia in Google Chrome versions before 71.0.3578.80
- Improper handling of paths
- Use after free issue
Affected Systems and Versions
- Product: Chrome
- Vendor: Google
- Versions Affected: < 71.0.3578.80
Exploitation Mechanism
- Malicious actor could exploit the vulnerability using a specially crafted HTML page
Mitigation and Prevention
Immediate Steps to Take
- Update Google Chrome to version 71.0.3578.80 or later
- Avoid clicking on suspicious links or visiting untrusted websites
Long-Term Security Practices
- Regularly update software and applications to the latest versions
- Implement security best practices to prevent exploitation of vulnerabilities
Patching and Updates
- Google released a patch in version 71.0.3578.80 to address this vulnerability