Use After Free Vulnerability in PDFium Affecting Google Chrome
CVE-2017-5036

7.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 57.0.2987.98 For Mac, Windows And Linux, And 57.0.2987.108 For Android
Vendor
CVE Published:
24 April 2017

Summary

A use after free vulnerability exists in PDFium within Google Chrome, affecting various operating systems including Mac, Windows, and Linux, as well as Android. This flaw can allow remote attackers to exploit the vulnerability by delivering specially crafted PDF files, potentially leading to unspecified impacts on the user's system. Users are advised to update their browsers to the latest versions to mitigate potential threats.

Affected Version(s)

Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android

References

https://chromereleases.googleblog.com/2017/03/stable-chan...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201704-02
vendor-advisoryx_refsource_GENTOO
https://crbug.com/691371
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.