Stack Buffer Overflow in ICU Library Affecting Google Chrome and Other Products
CVE-2017-15396

6.5 MEDIUM

Key Information:

Vendor: Google
CVE Published: 28 August 2018

Summary

A stack buffer overflow in the International Components for Unicode (ICU) library for C/C++ affects applications that use it, including Google Chrome. The flaw is present in versions of the library prior to 60.2 and can be triggered by an attacker through a specially crafted HTML page, potentially leading to heap corruption. Exploitation could enable unauthorized access to sensitive system resources, so affected products should be updated promptly.

Affected Version(s)

Google Chrome prior to 62.0.3202.75 unknown

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
