Integer Overflow in Date Handling for International Components in Google Chrome and More
CVE-2017-15422

6.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 63.0.3239.84 Unknown
Vendor
CVE Published:
28 August 2018

Summary

An integer overflow vulnerability exists in the international date handling of the International Components for Unicode (ICU) library, impacting various products including Google Chrome. This flaw can be exploited by remote attackers via specially crafted HTML content, potentially allowing them to perform an out-of-bounds memory read, which could lead to data exposure or other security breaches.

Affected Version(s)

Google Chrome prior to 63.0.3239.84 unknown Google Chrome prior to 63.0.3239.84 unknown

References

https://www.debian.org/security/2018/dsa-4150
vendor-advisoryx_refsource_DEBIAN
https://crbug.com/774382
x_refsource_MISC
https://usn.ubuntu.com/3610-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.