Insufficient Input Validation in Google Chrome Skia Component
CVE-2017-5077

8.8HIGH

Key Information:

Vendor

Google
Status
Google Chrome Prior To 59.0.3071.86 For Linux, Windows And Mac, And 59.0.3071.92 For Android
Vendor
CVE Published:
27 October 2017

What is CVE-2017-5077?

A critical flaw exists in the Skia component of Google Chrome that allows attackers to exploit insufficient validation of untrusted input. This vulnerability enables a remote attacker to perform an out of bounds memory read, which may lead to information disclosure or other unintended behaviors when users visit a specially crafted HTML page. It affects multiple operating systems, including Linux, Windows, Mac, and Android, emphasizing the need for timely updates and patches to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android

References

http://www.securityfocus.com/bid/98861
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1399
vendor-advisoryx_refsource_REDHAT
https://crbug.com/716311
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.