CVE-2018-6064: (Pwn2Own) Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability
First published: Wed Mar 07 2018(Updated: )
A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bug(s): <a href="https://code.google.com/p/chromium/issues/detail?id=798644">https://code.google.com/p/chromium/issues/detail?id=798644</a> External References: <a href="https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html">https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html</a>
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/chromium-browser | <65.0.3325.146 | 65.0.3325.146 |
| debian/chromium-browser | ||
| debian/libv8 | ||
| Google Chrome | <65.0.3325.146 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Debian Debian Linux | =9.0 | |
| Xiaomi Browser |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/103297
- https://access.redhat.com/errata/RHSA-2018:0484
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://crbug.com/798644
- https://www.debian.org/security/2018/dsa-4182
- https://www.exploit-db.com/exploits/44394/
- https://www.zerodayinitiative.com/advisories/ZDI-19-368/
- https://code.google.com/p/chromium/issues/detail?id=798644
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1552502
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1552504
- https://bugzilla.redhat.com/show_bug.cgi?id=1552481
- https://security-tracker.debian.org/tracker/CVE-2018-6064
Frequently Asked Questions
What is CVE-2018-6064?
CVE-2018-6064 is a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6.
How can this vulnerability be exploited?
This vulnerability can be exploited when the target visits a malicious page or opens a malicious file.
Which software versions are affected by CVE-2018-6064?
The affected software includes Xiaomi Browser, Google Chrome up to version 65.0.3325.146, Redhat Enterprise Linux Desktop 6.0, Redhat Enterprise Linux Server 6.0, Redhat Enterprise Linux Workstation 6.0, and Debian Debian Linux 9.0.
What is the severity level of CVE-2018-6064?
CVE-2018-6064 has a severity level of 8.8 (high).
How can I fix CVE-2018-6064?
To fix CVE-2018-6064, update your software to the recommended versions provided by the software vendors.
- collector/security-tracker-debian
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-6064
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- agent/description
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-368
- alias/ZDI-CAN-7478
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/redhat
- vendor/xiaomi
- canonical/xiaomi browser