A cross-site scripting issue was discovered in V8 in Google Chrome prior to 103.0.5060.53. A remote attacker could exploit this by persuading a user to view a specially crafted website. It was reported that this issue does not lead to a crash and there are no known attacks that leverage this issue at present. This issue has been fixed in the upstream version.

CVE-2018-5407 A flaw was found in the way Chrome interpreted malformed input streams with the ‘rfc_char_set()’ function. An attacker could use this flaw to bypass multiple types of protection against Cross-Site Scripting (XSS) by setting various properties on a targeted site and injecting data into the response.

CVE-2018-5408 An overflow condition exists in the ‘rfc_parse()’ function of the V8 JavaScript engine due to insufficient input validation. An attacker can leverage this flaw to corrupt memory and potentially execute code.

CVE-2018-5409 A flaw was found in the way Chrome parsed ‘application/javascript’ HTTP responses with the ‘text()’ function. An attacker could use this flaw to bypass certain type restrictions.

CVE-2018-5410 A flaw in the Chrome PDF extension could allow an attacker using a specially crafted file to inject arbitrary JavaScript into a PDF document.

CVE-2018-5411 A use-after-free can occur in the ‘C DOM

How to Update to the Latest Version of Chrome

To update your browser to the latest version, open Google Chrome and click on "Check for Updates" in the top-right corner. This installs any available updates.
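
To confirm which machines still run a build prior to 103.0.5060.53, the fixed version named above, version strings have to be compared numerically rather than as text. The following is an added example, not part of the original advisory; the function names are hypothetical and the hostnames and version strings in the sample inventory are constructed.

```python
import re

# Fixed version taken from the advisory text above.
FIXED_VERSION = (103, 0, 5060, 53)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_chrome_version(text):
    """Return the first four-part version in `text` as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())

def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True if the version is prior to `fixed`; None if it cannot be parsed."""
    version = parse_chrome_version(version_text)
    if version is None:
        return None
    # Tuple comparison is numeric per part, so 103.0.5060.9 < 103.0.5060.53
    # (a plain string comparison would get this wrong).
    return version < fixed

def triage(inventory):
    """Split {host: version_text} into vulnerable, patched and unknown host lists."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        verdict = is_vulnerable(version_text)
        if verdict is None:
            result["unknown"].append(host)  # needs manual follow-up
        elif verdict:
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 102.0.5005.115",
    "ws-02": "Google Chrome 103.0.5060.9",
    "ws-03": "Google Chrome 103.0.5060.53",
    "ws-04": "Google Chrome 104.0.5112.79 beta",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown returned no parseable version and should be checked by hand rather than assumed patched.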

Timeline

Published on: 07/28/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:21:00 UTC

References