Use After Free Vulnerability in PDFium of Google Chrome
CVE-2017-15410

8.8HIGH

Key Information:

Vendor: Google
Status: Google Chrome Prior To 63.0.3239.84 Unknown
Vendor: CVE Published:; 28 August 2018

🔔 Create Google Vulnerability Alert

What is CVE-2017-15410?

A use after free vulnerability in the PDFium component of Google Chrome prior to version 63.0.3239.84 can be exploited by an attacker. By crafting a malicious PDF file, the attacker may trigger heap corruption, potentially compromising the system's security. Users are advised to update their Chrome browser to mitigate this vulnerability and protect against possible exploitation.

Affected Version(s)

Google Chrome prior to 63.0.3239.84 unknown Google Chrome prior to 63.0.3239.84 unknown

References

https://crbug.com/765921

x_refsource_MISC

https://access.redhat.com/errata/RHSA-2017:3401

vendor-advisoryx_refsource_REDHAT

https://security.gentoo.org/glsa/201801-03

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2018
Vulnerability Reserved
Oct 17, 2017

.

CVE-2017-15410 : Use After Free Vulnerability in PDFium of Google Chrome