Type Confusion Vulnerability in PDFium of Google Chrome
CVE-2017-5108

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 60.0.3112.78 For Mac, Windows, Linux And Android
Vendor
CVE Published:
27 October 2017

Summary

A type confusion vulnerability exists in the PDFium component of Google Chrome versions prior to 60.0.3112.78. This flaw could enable a remote attacker to manipulate objects within a crafted PDF file, potentially leading to unauthorized actions or system compromise. Users of affected Chrome versions are advised to update their browsers to enhance security and mitigate risks associated with this vulnerability.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android

References

https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN
https://crbug.com/695830
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.