CVE-2018-6063: A remote code execution vulnerability in Blink/Webkit components was fixed in V8 in Google Chrome OS prior to 69.0.3497.81. The issue was with the lack of validation of certain properties of untrusted input. An attacker could inject malicious code into a website, host, or document via any web input method. Inadequately validated user input could result in remote code execution in Blink/Webkit components. We decided to also provide a workaround for those users who are running Google Chrome OS 69.0.3497.81 or earlier. We will be updating V8 to the version listed below in the next few releases, and no further action is required by users. A remote code execution vulnerability in Blink/Webkit components was fixed in V8 in Google Chrome OS prior to 69.0.3497.81. The issue was with the lack of validation of certain properties of untrusted input. An attacker could inject malicious code into a website, host, or document via any web input method. Inadequately validated user input could result in remote code execution in Blink/Webkit components. We decided to also provide a workaround for those users who are running Google Chrome OS 69.0.3497.81 or earlier. We will be updating V8 to the version listed below in the next few releases, and no further action is required by users. This issue was fixed by updating Blink to version 67.0.
Vulnerability found and patched in V8
A remote code execution vulnerability in Blink/Webkit components was fixed in V8 in Google Chrome OS prior to 69.0.3497.81. The issue was with the lack of validation of certain properties of untrusted input. An attacker could inject malicious code into a website, host, or document via any web input method. Inadequately validated user input could result in remote code execution in Blink/Webkit components. We decided to also provide a workaround for those users who are running Google Chrome OS 69.0.3497.81 or earlier. We will be updating V8 to the version listed below in the next few releases, and no further action is required by users.
Supported version 3.0.2-beta2
The risk for this bug was low because it was only exploitable if a user navigated to a malicious website and granted the website permission to access their camera, microphone, and location.
What is V8?
V8 is a JavaScript engine for the browser.
V8 version resolved in this advisory
CVE-2018-6213: A remote code execution vulnerability in V8, a JavaScript engine used in Google Chrome, was fixed. The issue was with improper handling of erroneous floating point values that could be exploited by an attacker to write arbitrary data to memory. An attacker could cause a denial of service condition or execute arbitrary code on the host, bypassing sandbox protection mechanisms. We decided to also provide a workaround for those users who are running Google Chrome OS 69.0.3497.81 or earlier. We will be updating V8 to the version listed below in the next few releases, and no further action is required by users.
This issue was fixed by updating V8 to version 6.1 (stable).
V8 Version Update
V8 version 7.6.85.28 is now available in the stable channel and in the beta channel for Windows, Linux, and macOS.
Timeline
Published on: 09/26/2022 16:15:00 UTC
Last modified on: 10/03/2022 02:15:00 UTC
References
- https://crbug.com/1339648
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://security.gentoo.org/glsa/202209-23
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3045