Use After Free Vulnerability in Google Chrome on Multiple Platforms
CVE-2017-5087

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 59.0.3071.104 For Mac, Windows And Linux, And 59.0.3071.117 For Android
Vendor
CVE Published:
27 October 2017

Summary

A use after free vulnerability in the Blink rendering engine of Google Chrome allows attackers to perform out-of-bounds memory reads through specially crafted HTML pages. This flaw can potentially lead to information disclosure, enabling unauthorized access to sensitive data and security breaches. The vulnerability affects several versions of Google Chrome across multiple operating systems, including Mac, Windows, Linux, and Android, prompting urgent updates to mitigate exploitation risks.

Affected Version(s)

Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android

References

http://www.securitytracker.com/id/1038765
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99096
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.