Heap Vulnerability in Google Chrome Affecting Multiple Versions
CVE-2017-5133

8.8HIGH

Key Information:

Vendor: Google
Status: Google Chrome Prior To 62.0.3202.62
Vendor: CVE Published:; 7 February 2018

🔔 Create Google Vulnerability Alert

What is CVE-2017-5133?

An off-by-one read/write vulnerability has been identified in the Blink component of Google Chrome versions prior to 62.0.3202.62. This flaw allows remote attackers to corrupt memory, potentially leading to information leakage or arbitrary code execution when a user opens a specially crafted PDF file.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

http://www.securityfocus.com/bid/101482

vdb-entryx_refsource_BID

https://chromereleases.googleblog.com/2017/10/stable-chan...

x_refsource_MISC

https://crbug.com/762106

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2018
Vulnerability Reserved
Jan 2, 2017

.

CVE-2017-5133 : Heap Vulnerability in Google Chrome Affecting Multiple Versions