CVE-2018-6162

Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Weakness

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Software

Potential Mitigations

• Make fields transient to protect them from deserialization.
• An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/586.html

References

• http://www.securityfocus.com/bid/104887
• https://access.redhat.com/errata/RHSA-2018:2282
• https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
• https://crbug.com/804123
• https://security.gentoo.org/glsa/201808-01
• https://www.debian.org/security/2018/dsa-4256
• http://www.securityfocus.com/bid/104887
• https://access.redhat.com/errata/RHSA-2018:2282
• https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
• https://crbug.com/804123
• https://security.gentoo.org/glsa/201808-01
• https://www.debian.org/security/2018/dsa-4256