Use After Free Vulnerability in Google Chrome Affecting Multiple Platforms
CVE-2017-5062

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 58.0.3029.81 For Mac, Windows And Linux, And 58.0.3029.83 For Android
Vendor
CVE Published:
27 October 2017

Summary

A vulnerability in Google Chrome, specifically in Chrome Apps, allows remote attackers to potentially exploit a use after free issue. This leads to out of bounds memory access when a specially crafted Chrome extension is executed. The vulnerability affects multiple operating systems, including Mac, Windows, Linux, and Android, particularly in versions prior to 58.0.3029.81 for desktops and 58.0.3029.83 for Android. Users are recommended to update their Chrome installations to mitigate the risk associated with this flaw.

Affected Version(s)

Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android

References

https://access.redhat.com/errata/RHSA-2017:1124
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201705-02
vendor-advisoryx_refsource_GENTOO
http://www.securitytracker.com/id/1038317
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.