SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2018-17472

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.</p><a id='hideExpand' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px'><u>CVSS Score and Metrics </u>+</b></a><a id='hideCollapse' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px'><u>CVSS Score and Metrics </u>-</b></a><p></p><table id='hideTable' cellspacing='3' cellpadding='0' border='0' align='left' style='color:#08549C;'><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V3 Severity:</b></td><td colspan = '2' width='320px' align = 'left' valign = 'top'><b style='font-size:13px'>CVSS V2 Severity:</b></td></tr><tr><td colspan='2' width='440px'>CVSS Score : 9.6</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>CVSS Score : 6.8</td></tr><tr><td colspan='2' width='440px'>Exploit Score: 2.8</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Exploit Score: 8.6</td></tr><tr><td colspan='2' width='440px'>Impact Score: 6.0</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Impact Score: 6.4</td></tr><tr><td> </td></tr><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V3 Metrics:</b></td><td colspan = '2' width='320px' align = 'left' valign = 'top'><b style='font-size:13px'>CVSS V2 Metrics:</b></td></tr><tr><td colspan='2' width='440px'>Attack Vector: NETWORK</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Access Vector: NETWORK</td></tr><tr><td colspan='2' width='440px'>Attack Complexity: LOW</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Access Complexity: MEDIUM</td></tr><tr><td colspan='2' width='440px'>Privileges Required: NONE</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Authentication: NONE</td></tr><tr><td colspan='2' width='440px'>User Interaction: REQUIRED</td><td colspan='2' width='320px' align= 'left' valign = 'top'>Confidentiality: PARTIAL</td></tr><tr><td colspan='2' width='440px'>Scope: CHANGED</td><td colspan='2' width='320px' align = 'left' valign = 'top'>Integrity: PARTIAL</td></tr><tr><td colspan='2' width='440px'>Confidentiality: HIGH</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Availability: PARTIAL</td></tr><tr><td colspan='2' width='440px'>Integrity: HIGH</td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr><tr><td colspan='2' width='440px'>Availability: HIGH</td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr><tr><td colspan='2' width='440px'> </td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr></table><table cellspacing='0' border='0' style='color:#08549C'><tr><td width='640px' valign='top'><b style='font-size:13px'>Reference:</b> </td></tr><tr> <td><a href="javascript: openReference('http://www.securityfocus.com/bid/105666')">-105666</a></td> </tr><tr> <td><a href="javascript: openReference('https://security.gentoo.org/glsa/201811-10')">GLSA-201811-10</a></td> </tr><tr> <td><a href="javascript: openReference('https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html')">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></td> </tr><tr> <td><a href="javascript: openReference('https://crbug.com/822518')">https://crbug.com/822518</a></td> </tr></table></br> </div> </td> </tr> </table> </div> <a href="control.jsp?command=rearrange&selectedId=CPE&relationId=CVE-2018-17472&search=CVE-2018-17472&OVALFilter=&CVEFilter=&CPEFilter=&CCEFilter=&CWEFilter=&XCCDFFilter=&OVAL-RFilter=" style="cursor:pointer;" onmouseOver="showIdsMouseOver('sub1')" onmouseOut="showIdsMouseOut('sub1')"> <div class='relation-div-small' id='sub1' style='left:35%;'> <font color="#08549C"> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td align="left"> <font color="#08549C"> <b>CPE</b> </font> <font color="#08549C" size=3> <b>   5</b> </font> </td> </tr> </table> <div id="idDiv1" style="text-overflow:ellipsis;overflow:hidden;width:120px;" > <font size=1> cpe:/o:debian:debian_linux:9.0<br/> cpe:/a:google:chrome<br/> cpe:/o:redhat:enterprise_linux_workstation:6.0<br/> cpe:/o:redhat:enterprise_linux_desktop:6.0<br/> ... </font> </div> </div> </a> <input id="idDivHidden1" name="idDivHidden1" type="hidden" value="cpe:/o:debian:debian_linux:9.0,cpe:/a:google:chrome,cpe:/o:redhat:enterprise_linux_workstation:6.0,cpe:/o:redhat:enterprise_linux_desktop:6.0,,..."> <a href="control.jsp?command=relation&relationId=20&search=20" style="cursor:pointer;" onmouseOver="showIdsMouseOver('sub2')" onmouseOut="showIdsMouseOut('sub2')"> <div class='relation-div-small' id='sub2' style='left:45%;'> <font color="#08549C"> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td align="left"> <font color="#08549C"> <b>CWE</b> </font> <font color="#08549C" size=3> <b>   1</b> </font> </td> </tr> </table> <div id="idDiv2" style="text-overflow:ellipsis;overflow:hidden;width:120px;" > <font size=1> CWE-20<br/> </font> </div> </div> </a> <input id="idDivHidden2" name="idDivHidden2" type="hidden" value="CWE-20"> <a href="control.jsp?command=rearrange&selectedId=OVAL&relationId=CVE-2018-17472&search=CVE-2018-17472&OVALFilter=&CVEFilter=&CPEFilter=&CCEFilter=&CWEFilter=&XCCDFFilter=&OVAL-RFilter=" style="cursor:pointer;" onmouseOver="showIdsMouseOver('sub3')" onmouseOut="showIdsMouseOut('sub3')"> <div class='relation-div-small' id='sub3' style='left:55%;'> <font color="#08549C"> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td align="left"> <font color="#08549C"> <b>OVAL</b> </font> <font color="#08549C" size=3> <b>   3</b> </font> </td> </tr> </table> <div id="idDiv3" style="text-overflow:ellipsis;overflow:hidden;width:120px;" > <font size=1> oval:org.secpod.oval:def:115569<br/> oval:org.secpod.oval:def:115524<br/> oval:org.secpod.oval:def:603561<br/> </font> </div> </div> </a> <input id="idDivHidden3" name="idDivHidden3" type="hidden" value="oval:org.secpod.oval:def:115569,oval:org.secpod.oval:def:115524,oval:org.secpod.oval:def:603561"> <div style="position:absolute;top:620px;left:540px;clear:both;"> <script> function footer(page){ window.open(page); } </script> <script src="/JavaScriptServlet" type="text/javascript"></script> <p style="clear:both;text-align:center;"> <center><p>© <script>document.write(new Date().getFullYear())</script> SecPod Technologies</p></center> </p> </div> </div> </body> </html>


30430



423868



247621



909



194512



282