VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ky4v-f8sn-b7dj

Essentials
Severities (23)
References (43)
Severity details (14)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-ky4v-f8sn-b7dj
Aliases	CVE-2018-17480
Summary	Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code.
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3.1	8.8	https://access.redhat.com/errata/RHSA-2018:3803
ssvc	Attend	https://access.redhat.com/errata/RHSA-2018:3803
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17480.json
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.26964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
cvssv3.1	8.8	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
ssvc	Attend	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
cvssv3.1	8.8	https://crbug.com/905940
ssvc	Attend	https://crbug.com/905940
archlinux	Critical	https://security.archlinux.org/AVG-824
cvssv3.1	8.8	https://security.gentoo.org/glsa/201908-18
ssvc	Attend	https://security.gentoo.org/glsa/201908-18
cvssv3.1	8.8	https://www.debian.org/security/2018/dsa-4352
ssvc	Attend	https://www.debian.org/security/2018/dsa-4352
cvssv3.1	8.8	http://www.securityfocus.com/bid/106084
ssvc	Attend	http://www.securityfocus.com/bid/106084

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17480.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-17480
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17480
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17481
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18336
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18337
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18338
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18339
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18340
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18341
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18342
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18343
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18344
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18345
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18346
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18347
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18348
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18349
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18350
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18351
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18352
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18353
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18354
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18355
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18357
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18358
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20065
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20066
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20067
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20068
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20070
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346
106084		http://www.securityfocus.com/bid/106084
1656547		https://bugzilla.redhat.com/show_bug.cgi?id=1656547
905940		https://crbug.com/905940
ASA-201812-2		https://security.archlinux.org/ASA-201812-2
AVG-824		https://security.archlinux.org/AVG-824
dsa-4352		https://www.debian.org/security/2018/dsa-4352
GLSA-201908-18		https://security.gentoo.org/glsa/201908-18
RHSA-2018:3803		https://access.redhat.com/errata/RHSA-2018:3803

Data source	KEV
Date added	June 8, 2022
Description	Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action	Apply updates per vendor instructions.
Due date	June 22, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2018-17480
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3803

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://access.redhat.com/errata/RHSA-2018:3803

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17480.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/905940

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://crbug.com/905940

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201908-18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://security.gentoo.org/glsa/201908-18

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4352

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://www.debian.org/security/2018/dsa-4352

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/106084

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at http://www.securityfocus.com/bid/106084

Exploit Prediction Scoring System (EPSS)

Percentile	0.96331
EPSS Score	0.26964
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:01:58.492673+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201908-18	38.0.0