Use After Free Vulnerability in IndexedDB of Google Chrome
CVE-2017-5091

8.8HIGH

Key Information:

Vendor: Google
Status: Google Chrome Prior To 60.0.3112.78 For Linux, Android, Windows And Mac
Vendor: CVE Published:; 27 October 2017

🔔 Create Google Vulnerability Alert

What is CVE-2017-5091?

A use after free vulnerability exists in the IndexedDB component of Google Chrome, allowing attackers to read memory out of bounds. This can be exploited via specially crafted HTML pages, potentially leading to information disclosure and other malicious actions on affected systems, including Linux, Android, Windows, and Mac.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac

References

https://crbug.com/728887

x_refsource_MISC

https://security.gentoo.org/glsa/201709-15

vendor-advisoryx_refsource_GENTOO

http://www.debian.org/security/2017/dsa-3926

vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2017
Vulnerability Reserved
Jan 2, 2017

.

CVE-2017-5091 : Use After Free Vulnerability in IndexedDB of Google Chrome