CVE-2018-6084

moderate-risk

Published 2019-01-09

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

44307

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (5)

Chrome

Debian Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Affected Vendors

Debian Redhat Google

References (10)

http://www.securityfocus.com/bid/103468

http://www.securityfocus.com/bid/103917

https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop....

https://crbug.com/822424

https://www.exploit-db.com/exploits/44307/

http://www.securityfocus.com/bid/103468

http://www.securityfocus.com/bid/103917

https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop....

https://crbug.com/822424

https://www.exploit-db.com/exploits/44307/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 8/34 · Low

Exposure 12/34 · Low