Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
https://www.zerodayinitiative.com/advisories/ZDI-19-367/
https://www.exploit-db.com/exploits/44584/
https://www.debian.org/security/2018/dsa-4182
https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html