It is possible that similar problems might exist in other products or versions.
CVE-2018-6169 was opened for disclosure on 11/27/2018 and assigned as CR# 28211.
In Google VR, a pointer override in WebVR browser might be used to corrupt memory and potentially gain code execution.
CVE-2018-6171 was opened for disclosure on 11/27/2018 and assigned as CR# 28201. VR Navigator allows remote attackers to cause a denial of service (resource consumption) via a crafted web site.
CVE-2018-6174 was opened for disclosure on 11/27/2018 and assigned as CR# 28208. VR Settings allows attackers to bypass authentication via a crafted URL.
CVE-2018-6176 was opened for disclosure on 11/27/2018 and assigned as CR# 28195. VR scene view allows remote attackers to obtain sensitive information (including orientation) via crafted WebVR data.
CVE-2018-6177 was opened for disclosure on 11/27/2018 and assigned as CR# 28196. VR Settings allows remote attackers to bypass authentication via a crafted URL.
CVE-2018-6178 was opened for disclosure on 11/27/2018 and assigned as CR# 28197. VR Settings allows remote attackers to bypass authentication via a crafted URL.
CVE-2018-6179 was opened for disclosure on 11/27/2018 and assigned as CR# 28198.
Vulnerability overview
An attacker can control the VR scene view | CVE-2018-6176
An attacker can bypass authentication to access VR Settings | CVE-2018-6179
VR Navigator allows remote attackers to cause a denial of service (resource consumption) via a crafted web site | CVE-2018-6171
A pointer override in WebVR browser might be used to corrupt memory and gain code execution | CVE-2018-6169
VR Settings allows attackers to bypass authentication via a crafted URL | CVE-2018-6178
VR Settings allows remote attackers to bypass authentication via a crafted URL | CVE-2018-6177
Timeline
Published on: 04/05/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:15:00 UTC