Out-of-Bounds Read Vulnerability in Google Chrome Affecting Multiple Platforms
CVE-2017-5054

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 57.0.2987.133 For Linux, Windows And Mac, And 57.0.2987.132 For Android
Vendor
CVE Published:
27 October 2017

Summary

An out-of-bounds read vulnerability exists in the V8 engine of Google Chrome versions prior to 57.0.2987.133 on Linux, Windows, and Mac, as well as 57.0.2987.132 on Android. This issue allows remote attackers to gain access to heap memory contents through specially crafted HTML pages. The exploit can potentially disclose sensitive information, making it crucial for users to apply available security updates promptly to mitigate any risks associated with this vulnerability.

Affected Version(s)

Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android

References

http://www.securityfocus.com/bid/97220
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:0860
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201704-02
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.