Stack Buffer Overflow in ICU Library Affecting Google Chrome and Other Products
CVE-2017-15396

6.5MEDIUM

Key Information:

Vendor

Google
Status
Google Chrome Prior To 62.0.3202.75 Unknown
Vendor
CVE Published:
28 August 2018

What is CVE-2017-15396?

A stack buffer overflow vulnerability in the International Components for Unicode (ICU) library affects C/C++ applications, including Google Chrome. This flaw, discovered in versions prior to 60.2, can allow an attacker to exploit the vulnerability through a specially crafted HTML page, potentially leading to heap corruption. Such exploitation could enable unauthorized access to sensitive system resources, highlighting the need for prompt updates and security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Google Chrome prior to 62.0.3202.75 unknown Google Chrome prior to 62.0.3202.75 unknown

References

http://bugs.icu-project.org/trac/changeset/40494
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:3082
vendor-advisoryx_refsource_REDHAT
https://crbug.com/770452
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.