Blink Vulnerability in Google Chrome Affects Multiple Versions
CVE-2017-15395

6.5MEDIUM

Key Information:

Vendor

Google
Status
Google Chrome Prior To 62.0.3202.62
Vendor
CVE Published:
7 February 2018

What is CVE-2017-15395?

A use after free vulnerability exists in the Blink engine of Google Chrome that can lead to heap corruption. By crafting a malicious HTML page, an attacker may exploit this vulnerability potentially allowing for the execution of arbitrary code or data loss. Users running versions of Google Chrome prior to 62.0.3202.62 are particularly at risk.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

http://www.securityfocus.com/bid/101482
vdb-entryx_refsource_BID
https://crbug.com/759457
x_refsource_MISC
https://chromereleases.googleblog.com/2017/10/stable-chan...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.