8.8

CVE-2017-5030

Warning
Exploit

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Data is provided by the National Vulnerability Database (NVD)
GoogleChrome Version < 57.0.2987.98
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
GoogleChrome Version < 57.0.2987.108
   GoogleAndroid Version-
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Memory Corruption Vulnerability

Vulnerability

Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 63.05% 0.983
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.debian.org/security/2017/dsa-3810
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96767
Third Party Advisory
Broken Link
VDB Entry
https://crbug.com/682194
Exploit
Issue Tracking