CVE-2018-9433 Information

Description

In ArrayConcatVisitor of builtins-array.cc there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Reference

https://source.android.com/security/bulletin/2018-07-01