Uninitialized Value Vulnerability in Skia Affects Google Chrome
CVE-2017-5103

4.3MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 60.0.3112.78 For Linux, Windows And Mac
Vendor
CVE Published:
27 October 2017

Summary

A vulnerability exists in the Skia library used by Google Chrome that allows a remote attacker to exploit uninitialized memory values. By crafting a specific HTML page, an attacker could potentially access sensitive data from the process memory of affected Chrome installations. This vulnerability impacts multiple operating systems, making it essential for users to update their browsers to the latest version to mitigate the risks associated with this flaw.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac

References

https://crbug.com/726199
x_refsource_MISC
https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.