Learn about CVE-2018-18359, a vulnerability in Google Chrome versions before 71.0.3578.80 allowing remote attackers to exploit out-of-bounds memory read via crafted HTML pages. Find mitigation steps and updates here.
A vulnerability in V8, the JavaScript engine used in Google Chrome versions before 71.0.3578.80, allowed a remote attacker to exploit an out-of-bounds memory read through a specially crafted HTML page.
Understanding CVE-2018-18359
This CVE entry describes a security vulnerability in Google Chrome that could be exploited by a remote attacker.
What is CVE-2018-18359?
The vulnerability in V8, the JavaScript engine in Google Chrome versions prior to 71.0.3578.80, resulted in an incorrect handling of Reflect.construct, enabling a remote attacker to trigger an out-of-bounds memory read via a specifically crafted HTML page.
The Impact of CVE-2018-18359
The vulnerability allowed a remote attacker to exploit the out-of-bounds memory read, potentially leading to unauthorized access or information disclosure.
Technical Details of CVE-2018-18359
This section provides more technical insights into the CVE-2018-18359 vulnerability.
Vulnerability Description
The vulnerability stemmed from the incorrect handling of Reflect.construct in the V8 JavaScript engine used in Google Chrome versions before 71.0.3578.80.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability could be exploited by a remote attacker through a specially crafted HTML page, triggering an out-of-bounds memory read.
Mitigation and Prevention
To address CVE-2018-18359, users and organizations should take the following steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates