Use After Free Vulnerability in WebAudio of Google Chrome
CVE-2017-5129

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 62.0.3202.62
Vendor
CVE Published:
7 February 2018

Summary

A use after free vulnerability exists in the WebAudio component of Google Chrome prior to version 62.0.3202.62. This flaw allows remote attackers to exploit the vulnerability through specially crafted HTML pages, enabling them to execute an out of bounds memory read. This can potentially lead to information disclosure and other security risks, making it crucial for users to update to the latest version of Chrome to mitigate the threat.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

http://www.securityfocus.com/bid/101482
vdb-entryx_refsource_BID
https://chromereleases.googleblog.com/2017/10/stable-chan...
x_refsource_MISC
https://crbug.com/765495
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.