Heap Buffer Overflow in Google Chrome for Windows
CVE-2017-5112

8.8HIGH

Key Information:

Vendor: Google
Status: Google Chrome Prior To 61.0.3163.79 For Windows
Vendor: CVE Published:; 27 October 2017

Summary

A heap buffer overflow vulnerability in WebGL within Google Chrome versions prior to 61.0.3163.79 for Windows allows an attacker to execute arbitrary code within the browser's sandbox environment. This is achieved through a carefully crafted HTML page, which can exploit the underlying flaw and potentially compromise system integrity.

Affected Version(s)

Google Chrome prior to 61.0.3163.79 for Windows Google Chrome prior to 61.0.3163.79 for Windows

References

https://security.gentoo.org/glsa/201709-15

vendor-advisoryx_refsource_GENTOO

https://access.redhat.com/errata/RHSA-2017:2676

vendor-advisoryx_refsource_REDHAT

http://www.securitytracker.com/id/1039291

vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2017
Vulnerability Reserved
Jan 2, 2017

.