Use After Free Vulnerability in Google Chrome for Multiple Platforms
CVE-2017-5098

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 60.0.3112.78 For Mac, Windows, Linux And Android
Vendor
CVE Published:
27 October 2017

Summary

A use after free vulnerability has been identified in the V8 component of Google Chrome prior to version 60.0.3112.78. This flaw enables remote attackers to exploit out-of-bounds memory reads through specially crafted HTML content. The use of this vulnerability could potentially lead to unauthorized actions on the affected systems, highlighting the necessity for users to update their browsers to the latest versions to mitigate these risks.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android

References

https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN
https://chromereleases.googleblog.com/2017/07/stable-chan...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.