CVE-2018-20071: XSS

Reference Links

• https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html (Advisory)
• https://crbug.com/853937

Parent vulnerabilities

(Appears in the following advisories)

• 7291058932546954654

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2018-17480
• CVE-2018-17481
• CVE-2018-18335
• CVE-2018-18336
• CVE-2018-18337
• CVE-2018-18338
• CVE-2018-18339
• CVE-2018-18340
• CVE-2018-18341
• CVE-2018-18342
• CVE-2018-18343
• CVE-2018-18344
• CVE-2018-18345
• CVE-2018-18346
• CVE-2018-18347
• CVE-2018-18348
• CVE-2018-18349
• CVE-2018-18350
• CVE-2018-18351
• CVE-2018-18352
• CVE-2018-18353
• CVE-2018-18354
• CVE-2018-18355
• CVE-2018-18356
• CVE-2018-18357
• CVE-2018-18358
• CVE-2018-18359
• CVE-2018-20065
• CVE-2018-20066
• CVE-2018-20067
• CVE-2018-20068
• CVE-2018-20069
• CVE-2018-20070

Frequently Asked Questions

• What is the severity of CVE-2018-20071?

  CVE-2018-20071 is classified as a high severity vulnerability due to potential remote code execution.

• How do I fix CVE-2018-20071?

  To fix CVE-2018-20071, users should update Google Chrome to version 71.0.3578.80 or later.

• What type of vulnerability is CVE-2018-20071?

  CVE-2018-20071 is an origin verification vulnerability during JIT payment app installation in Google Chrome.

• What systems are affected by CVE-2018-20071?

  CVE-2018-20071 affects Google Chrome versions prior to 70.0.3538.67.

• Can CVE-2018-20071 be exploited remotely?

  Yes, CVE-2018-20071 can be exploited by a remote attacker through a crafted HTML page.