CVE-2018-6090 : What You Need to Know

Learn about CVE-2018-6090, an integer overflow vulnerability in Skia in Google Chrome allowing remote code execution. Find mitigation steps and affected versions.

An integer overflow in Skia in Google Chrome before version 66.0.3359.117 allowed a remote attacker to execute arbitrary code within a sandbox.

Understanding CVE-2018-6090

What is CVE-2018-6090?

An integer overflow in Skia in Google Chrome allowed a remote attacker to trigger a heap buffer-overflow, enabling the execution of arbitrary code within a sandbox via a specially crafted HTML page.

The Impact of CVE-2018-6090

The vulnerability could be exploited by a remote attacker to execute arbitrary code within a sandbox, potentially leading to unauthorized access and control of the affected system.

Technical Details of CVE-2018-6090

Vulnerability Description

        Type: Integer overflow
        Component: Skia in Google Chrome
        Result: heap buffer-overflow

Affected Systems and Versions

        Product: Chrome
        Vendor: Google
        Versions Affected: < 66.0.3359.117

Exploitation Mechanism

        Attacker triggers the integer overflow in Skia
        The overflow is reached when a user visits a specially crafted HTML page

Mitigation and Prevention

Immediate Steps to Take

        Update Google Chrome to version 66.0.3359.117 or later
        Avoid visiting untrusted or suspicious websites

Long-Term Security Practices

        Regularly update software and applications
        Implement sandboxing and isolation mechanisms

Patching and Updates

        Apply security patches promptly
        Monitor vendor advisories for updates
