Heap Corruption Vulnerability in Google Chrome Affects Windows Users
CVE-2017-15392

4.3MEDIUM

Key Information:

Vendor

Google
Status
Google Chrome Prior To 62.0.3202.62
Vendor
CVE Published:
7 February 2018

What is CVE-2017-15392?

A vulnerability in Google Chrome's V8 engine was identified due to insufficient data validation. This flaw allows an attacker with write access to the Windows Registry to craft specific registry entries that lead to heap corruption. This vulnerability raises concerns for users, as it could potentially enable an attacker to execute arbitrary code within the browser. Users are advised to update their Google Chrome installations to mitigate this issue.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

http://www.securityfocus.com/bid/101482
vdb-entryx_refsource_BID
https://chromereleases.googleblog.com/2017/10/stable-chan...
x_refsource_MISC
https://crbug.com/714401
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.