Remote Information Disclosure Vulnerability in Google Chrome by Google
CVE-2017-5117

6.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 61.0.3163.79 For Linux And Windows
Vendor
CVE Published:
27 October 2017

Summary

A vulnerability exists in Google Chrome due to the use of an uninitialized value in the Skia graphics library. This issue allows a remote attacker to exploit the flaw by crafting a malicious HTML page, potentially gaining access to sensitive information stored in process memory. Users of affected versions on Linux and Windows are advised to update their browser to mitigate this risk.

Affected Version(s)

Google Chrome prior to 61.0.3163.79 for Linux and Windows Google Chrome prior to 61.0.3163.79 for Linux and Windows

References

https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:2676
vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1039291
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.