Use After Free Vulnerability in PDFium Affecting Google Chrome
CVE-2017-5039

7.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 57.0.2987.98 For Mac, Windows And Linux, And 57.0.2987.108 For Android
Vendor
CVE Published:
24 April 2017

Summary

A flaw has been discovered in the PDFium component of Google Chrome, which can lead to use after free vulnerabilities. This exploitable condition exists in versions prior to 57.0.2987.98 for desktop operating systems (Mac, Windows, Linux) and prior to 57.0.2987.108 for Android. Attackers could potentially leverage this vulnerability through specially crafted PDF files, leading to heap corruption and unauthorized actions within the browser.

Affected Version(s)

Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android

References

https://chromereleases.googleblog.com/2017/03/stable-chan...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201704-02
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3810
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.