Use After Free Vulnerability in Google Chrome Affecting Users
CVE-2017-5058

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 58.0.3029.81 For Windows
Vendor
CVE Published:
27 October 2017

Summary

A use after free vulnerability in the PrintPreview feature of Google Chrome versions prior to 58.0.3029.81 for Windows allows remote attackers to exploit this flaw. By crafting a malicious HTML page, an attacker could cause out of bounds memory access, which may lead to arbitrary code execution within the user's browser environment.

Affected Version(s)

Google Chrome prior to 58.0.3029.81 for Windows Google Chrome prior to 58.0.3029.81 for Windows

References

https://access.redhat.com/errata/RHSA-2017:1124
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201705-02
vendor-advisoryx_refsource_GENTOO
http://www.securitytracker.com/id/1038317
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.