Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-073
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Google Chrome. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Chrome versions antérieures à 57.0.2987.98 sur Windows, Mac et Linux
Impacted products
Vendor | Product | Description |
---|
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [], "affected_systems_content": "\u003cP\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 57.0.2987.98 sur Windows, Mac et Linux\u003c/P\u003e", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2017-5030", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5030" }, { "name": "CVE-2017-5037", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5037" }, { "name": "CVE-2017-5040", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5040" }, { "name": "CVE-2017-5029", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029" }, { "name": "CVE-2017-5045", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5045" }, { "name": "CVE-2017-5043", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5043" }, { "name": "CVE-2017-5039", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5039" }, { "name": "CVE-2017-5046", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5046" }, { "name": "CVE-2017-5041", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5041" }, { "name": "CVE-2017-5031", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5031" }, { "name": "CVE-2017-5034", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5034" }, { "name": "CVE-2017-5033", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5033" }, { "name": "CVE-2017-5035", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5035" }, { "name": "CVE-2017-5036", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5036" }, { "name": "CVE-2017-5042", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5042" }, { "name": "CVE-2017-5038", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5038" }, { "name": "CVE-2017-5032", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5032" }, { "name": "CVE-2017-5044", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5044" } ], "initial_release_date": "2017-03-10T00:00:00", "last_revision_date": "2017-03-10T00:00:00", "links": [], "reference": "CERTFR-2017-AVI-073", "revisions": [ { "description": "version initiale.", "revision_date": "2017-03-10T00:00:00.000000" } ], "risks": [ { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Google du 09 mars 2017", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)" } ] }
CVE-2017-5035 (GCVE-0-2017-5035)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- incorrect security UI
Summary
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Windows and Mac |
Version: Google Chrome prior to 57.0.2987.98 for Windows and Mac |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/688425" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Windows and Mac", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Windows and Mac" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site." } ], "problemTypes": [ { "descriptions": [ { "description": "incorrect security UI", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/688425" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Windows and Mac", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Windows and Mac" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "incorrect security UI" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/688425", "refsource": "CONFIRM", "url": "https://crbug.com/688425" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5035", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5029 (GCVE-0-2017-5029)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- integer overflow
Summary
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "name": "1038157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038157" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/676623" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "integer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "name": "1038157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038157" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/676623" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5029", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "integer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "name": "1038157", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038157" }, { "name": "https://crbug.com/676623", "refsource": "CONFIRM", "url": "https://crbug.com/676623" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5029", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5046 (GCVE-0-2017-5046)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- insufficient policy enforcement
Summary
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/680409" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure." } ], "problemTypes": [ { "descriptions": [ { "description": "insufficient policy enforcement", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/680409" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/680409", "refsource": "CONFIRM", "url": "https://crbug.com/680409" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5046", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5036 (GCVE-0-2017-5036)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- use after free
Summary
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/691371" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file." } ], "problemTypes": [ { "descriptions": [ { "description": "use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/691371" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5036", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/691371", "refsource": "CONFIRM", "url": "https://crbug.com/691371" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5036", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5037 (GCVE-0-2017-5037)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- integer overflow
Summary
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/679640" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer." } ], "problemTypes": [ { "descriptions": [ { "description": "integer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/679640" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5037", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "integer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "https://crbug.com/679640", "refsource": "CONFIRM", "url": "https://crbug.com/679640" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5037", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.423Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5044 (GCVE-0-2017-5044)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- heap buffer overflow
Summary
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/688987" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "heap buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/688987" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5044", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "heap buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/688987", "refsource": "CONFIRM", "url": "https://crbug.com/688987" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5044", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5045 (GCVE-0-2017-5045)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
Summary
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/667079" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/667079" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "https://crbug.com/667079", "refsource": "CONFIRM", "url": "https://crbug.com/667079" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5045", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5030 (GCVE-0-2017-5030)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- heap buffer overflow
Summary
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/682194" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2017-5030", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T17:17:49.181932Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-06-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5030" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:46:29.061Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2022-06-08T00:00:00+00:00", "value": "CVE-2017-5030 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "heap buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-15T10:06:11.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/682194" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "heap buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/682194", "refsource": "CONFIRM", "url": "https://crbug.com/682194" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5030", "datePublished": "2017-04-24T23:00:00.000Z", "dateReserved": "2017-01-02T00:00:00.000Z", "dateUpdated": "2025-07-30T01:46:29.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5033 (GCVE-0-2017-5033)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- insufficient policy enforcement
Summary
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://twitter.com/Ma7h1as/status/907641276434063361" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/669086" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword." } ], "problemTypes": [ { "descriptions": [ { "description": "insufficient policy enforcement", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://twitter.com/Ma7h1as/status/907641276434063361" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/669086" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5033", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "https://twitter.com/Ma7h1as/status/907641276434063361", "refsource": "MISC", "url": "https://twitter.com/Ma7h1as/status/907641276434063361" }, { "name": "https://crbug.com/669086", "refsource": "CONFIRM", "url": "https://crbug.com/669086" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5033", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5038 (GCVE-0-2017-5038)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- use after free
Summary
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac |
Version: Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/695476" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension." } ], "problemTypes": [ { "descriptions": [ { "description": "use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/695476" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5038", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/695476", "refsource": "CONFIRM", "url": "https://crbug.com/695476" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5038", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5043 (GCVE-0-2017-5043)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- use after free
Summary
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac |
Version: Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/683523" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension." } ], "problemTypes": [ { "descriptions": [ { "description": "use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/683523" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5043", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "https://crbug.com/683523", "refsource": "CONFIRM", "url": "https://crbug.com/683523" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5043", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5032 (GCVE-0-2017-5032)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- heap buffer overflow
Summary
PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Windows |
Version: Google Chrome prior to 57.0.2987.98 for Windows |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/668724" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Windows" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." } ], "problemTypes": [ { "descriptions": [ { "description": "heap buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/668724" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Windows", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Windows" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "heap buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "https://crbug.com/668724", "refsource": "CONFIRM", "url": "https://crbug.com/668724" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5032", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5040 (GCVE-0-2017-5040)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
Summary
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/691323" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/691323" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "https://crbug.com/691323", "refsource": "CONFIRM", "url": "https://crbug.com/691323" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5040", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5039 (GCVE-0-2017-5039)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- use after free
Summary
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/679649" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." } ], "problemTypes": [ { "descriptions": [ { "description": "use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/679649" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "https://crbug.com/679649", "refsource": "CONFIRM", "url": "https://crbug.com/679649" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5039", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5042 (GCVE-0-2017-5042)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- insufficient policy enforcement
Summary
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/671932" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent." } ], "problemTypes": [ { "descriptions": [ { "description": "insufficient policy enforcement", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/671932" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/671932", "refsource": "CONFIRM", "url": "https://crbug.com/671932" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5042", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5041 (GCVE-0-2017-5041)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- incorrect security UI
Summary
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.100 |
Version: Google Chrome prior to 57.0.2987.100 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/642490" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.100", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.100" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "incorrect security UI", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/642490" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.100", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.100" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "incorrect security UI" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/642490", "refsource": "CONFIRM", "url": "https://crbug.com/642490" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5041", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5031 (GCVE-0-2017-5031)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free in ANGLE
Summary
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Mozilla | Firefox ESR |
Version: unspecified < 52.1.1 |
||
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328762" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/682020" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-14/" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "98326", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98326" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "52.1.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "53.0.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Use after free in ANGLE", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-11T20:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328762" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/682020" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-14/" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "98326", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98326" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5031", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "52.1.1" } ] } }, { "product_name": "Firefox", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "53.0.2" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use after free in ANGLE" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328762", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328762" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "https://crbug.com/682020", "refsource": "CONFIRM", "url": "https://crbug.com/682020" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2017-14/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-14/" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" }, { "name": "98326", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98326" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5031", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-5034 (GCVE-0-2017-5034)
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- use after free
Summary
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Google Chrome prior to 57.0.2987.98 for Linux and Windows |
Version: Google Chrome prior to 57.0.2987.98 for Linux and Windows |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:44.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/678461" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Google Chrome prior to 57.0.2987.98 for Linux and Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Google Chrome prior to 57.0.2987.98 for Linux and Windows" } ] } ], "datePublic": "2017-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file." } ], "problemTypes": [ { "descriptions": [ { "description": "use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/678461" }, { "name": "RHSA-2017:0499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2017-5034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Google Chrome prior to 57.0.2987.98 for Linux and Windows", "version": { "version_data": [ { "version_value": "Google Chrome prior to 57.0.2987.98 for Linux and Windows" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "name": "GLSA-201704-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-02" }, { "name": "DSA-3810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3810" }, { "name": "96767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96767" }, { "name": "https://crbug.com/678461", "refsource": "CONFIRM", "url": "https://crbug.com/678461" }, { "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5034", "datePublished": "2017-04-24T23:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2024-08-05T14:47:44.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…