First published: Mon Feb 19 2018(Updated: )
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
Credit: Rob Wu cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/chromium-browser | <66.0.3359.117 | 66.0.3359.117 |
Redhat Linux Desktop | =6.0 | |
Redhat Linux Server | =6.0 | |
Redhat Linux Workstation | =6.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Google Chrome | <66.0.3359.117 | |
debian/chromium-browser | ||
Google Chrome | <66.0.3359.117 | 66.0.3359.117 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-6101 is a vulnerability in Google Chrome that allows a remote attacker to execute arbitrary code.
CVE-2018-6101 works by exploiting a lack of host validation in DevTools in Google Chrome.
The severity of CVE-2018-6101 is high, with a CVSS score of 7.5.
Versions of Google Chrome prior to 66.0.3359.117 are affected by CVE-2018-6101.
To fix CVE-2018-6101, update Google Chrome to version 66.0.3359.117 or later.