CVE-2018-18335: What You Need to Know

Learn about CVE-2018-18335, a heap buffer overflow vulnerability in Google Chrome versions prior to 71.0.3578.80. Find out the impact, affected systems, exploitation mechanism, and mitigation steps.

A heap buffer overflow was found in Skia in Google Chrome versions prior to 71.0.3578.80. A remote attacker could potentially exploit the resulting heap corruption by using a specially crafted HTML page.

Understanding CVE-2018-18335

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

What is CVE-2018-18335?

        CVE ID: CVE-2018-18335
        Published Date: December 11, 2018
        Affected Vendor: Google
        Affected Product: Chrome
        Vulnerability Type: Heap buffer overflow

The Impact of CVE-2018-18335

This vulnerability in Google Chrome versions prior to 71.0.3578.80 could allow a remote attacker to exploit heap corruption, potentially leading to unauthorized access or control of the affected system.

Technical Details of CVE-2018-18335

Vulnerability Description

The vulnerability is a heap buffer overflow in Skia in Google Chrome versions before 71.0.3578.80. It enables a remote attacker to trigger heap corruption through a specially crafted HTML page.

Affected Systems and Versions

        Product: Chrome
        Vendor: Google
        Versions Affected: < 71.0.3578.80

Exploitation Mechanism

The vulnerability can be exploited by a remote attacker through a carefully crafted HTML page, leading to heap corruption and potential system compromise.

Mitigation and Prevention

Immediate Steps to Take

        Update Google Chrome to version 71.0.3578.80 or later to mitigate the vulnerability.
        Exercise caution while browsing untrusted websites to minimize the risk of exploitation.

Long-Term Security Practices

        Regularly update software and applications to patch known vulnerabilities.
        Implement network security measures to detect and prevent unauthorized access.

Patching and Updates

        Google released a stable channel update addressing this vulnerability. Ensure timely installation of security patches to protect against known threats.
