CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS
First published: Thu Mar 15 2018(Updated: )
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
Credit: Ian Beer Google Project Zero cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <66.0.3359.117 | 66.0.3359.117 |
| Google Chrome | <66.0.3359.117 | |
| Apple macOS | ||
| Debian Debian Linux | =9.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-6085
- CVE-2018-6086
- CVE-2018-6087
- CVE-2018-6088
- CVE-2018-6089
- CVE-2018-6090
- CVE-2018-6091
- CVE-2018-6092
- CVE-2018-6093
- CVE-2018-6152
- CVE-2018-6094
- CVE-2018-6095
- CVE-2018-6150
- CVE-2018-6096
- CVE-2018-6097
- CVE-2018-6151
- CVE-2018-6098
- CVE-2018-6099
- CVE-2018-6100
- CVE-2018-6101
- CVE-2018-6102
- CVE-2018-6103
- CVE-2018-6104
- CVE-2018-6105
- CVE-2018-6106
- CVE-2018-6107
- CVE-2018-6108
- CVE-2018-6109
- CVE-2018-6110
- CVE-2018-6111
- CVE-2018-6112
- CVE-2018-6113
- CVE-2018-6114
- CVE-2018-6115
- CVE-2018-6116
- CVE-2018-6117
Frequently Asked Questions
What is the severity of CVE-2018-6084?
CVE-2018-6084 has been rated as high severity due to its potential to allow arbitrary code execution by local attackers.
How do I fix CVE-2018-6084?
To fix CVE-2018-6084, upgrade Google Chrome to version 66.0.3359.117 or later.
What types of systems are affected by CVE-2018-6084?
CVE-2018-6084 affects versions of Google Chrome prior to 66.0.3359.117 on macOS and some Linux distributions.
Can CVE-2018-6084 be exploited remotely?
No, CVE-2018-6084 requires local access for an attacker to exploit the vulnerability.
What does insufficiently sanitized distributed objects mean in CVE-2018-6084?
Insufficiently sanitized distributed objects implies that the Updater in Google Chrome failed to properly handle executable files, leading to potential code execution.
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/description
- collector/chrome-releases
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/google chrome
- vendor/apple
- canonical/apple macos
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0