Heap Corruption Vulnerability in Google Chrome by Google
CVE-2017-5064

8.8HIGH

Key Information:

Vendor: Google
Status: Google Chrome Prior To 58.0.3029.81 For Windows
Vendor: CVE Published:; 27 October 2017

🔔 Create Google Vulnerability Alert

What is CVE-2017-5064?

A vulnerability exists in Google Chrome due to improper handling of DOM changes in the Blink rendering engine prior to version 58.0.3029.81, potentially allowing remote attackers to exploit heap corruption via specially crafted HTML pages. This exploitation can lead to unexpected behavior in the browser and may compromise user data.

Affected Version(s)

Google Chrome prior to 58.0.3029.81 for Windows Google Chrome prior to 58.0.3029.81 for Windows

References

https://access.redhat.com/errata/RHSA-2017:1124

vendor-advisoryx_refsource_REDHAT

https://security.gentoo.org/glsa/201705-02

vendor-advisoryx_refsource_GENTOO

http://www.securitytracker.com/id/1038317

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2017
Vulnerability Reserved
Jan 2, 2017

.

CVE-2017-5064 : Heap Corruption Vulnerability in Google Chrome by Google