Use After Free Vulnerability in Google Chrome
CVE-2017-15399

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 62.0.3202.89 Unknown
Vendor
CVE Published:
28 August 2018

Summary

A use after free vulnerability in the V8 component of Google Chrome prior to version 62.0.3202.89 enables remote attackers to potentially execute arbitrary code by crafting a malicious HTML page that triggers heap corruption. This flaw can lead to severe security implications, impacting the integrity and confidentiality of user data.

Affected Version(s)

Google Chrome prior to 62.0.3202.89 unknown Google Chrome prior to 62.0.3202.89 unknown

References

https://chromereleases.googleblog.com/2017/11/stable-chan...
x_refsource_MISC
http://www.securityfocus.com/bid/101692
vdb-entryx_refsource_BID
https://www.debian.org/security/2017/dsa-4024
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.