Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-123
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Chrome versions antérieures à 58.0.3029.81
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 58.0.3029.81\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5069",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5069"
},
{
"name": "CVE-2017-5062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5062"
},
{
"name": "CVE-2017-5067",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5067"
},
{
"name": "CVE-2017-5060",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5060"
},
{
"name": "CVE-2017-5063",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5063"
},
{
"name": "CVE-2017-5061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5061"
},
{
"name": "CVE-2017-5058",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5058"
},
{
"name": "CVE-2017-5057",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5057"
},
{
"name": "CVE-2017-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5064"
},
{
"name": "CVE-2017-5066",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5066"
},
{
"name": "CVE-2017-5059",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5059"
},
{
"name": "CVE-2017-5065",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5065"
}
],
"initial_release_date": "2017-04-20T00:00:00",
"last_revision_date": "2017-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-123",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 19 avril 2017",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
}
]
}
CVE-2017-5058 (GCVE-0-2017-5058)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use After Free
Summary
A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Windows |
Version: Google Chrome prior to 58.0.3029.81 for Windows |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/694382"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Windows"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/694382"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Windows",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Windows"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/694382",
"refsource": "MISC",
"url": "https://crbug.com/694382"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5058",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5059 (GCVE-0-2017-5059)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Type Confusion
Summary
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android |
Version: Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/684684"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/684684"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "https://crbug.com/684684",
"refsource": "MISC",
"url": "https://crbug.com/684684"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5059",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5069 (GCVE-0-2017-5069)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android |
Version: Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/691726"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/691726"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "https://crbug.com/691726",
"refsource": "MISC",
"url": "https://crbug.com/691726"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5069",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5062 (GCVE-0-2017-5062)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use After Free
Summary
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
Version: Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/702896"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/702896"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/702896",
"refsource": "MISC",
"url": "https://crbug.com/702896"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5062",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5061 (GCVE-0-2017-5061)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Race
Summary
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac |
Version: Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/672847"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Race",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/672847"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/672847",
"refsource": "MISC",
"url": "https://crbug.com/672847"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5061",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5057 (GCVE-0-2017-5057)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Type Confusion
Summary
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
Version: Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/695826"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/695826"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "https://crbug.com/695826",
"refsource": "MISC",
"url": "https://crbug.com/695826"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5057",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5063 (GCVE-0-2017-5063)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds Read
Summary
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android |
Version: Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/700836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/700836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
},
{
"name": "https://crbug.com/700836",
"refsource": "MISC",
"url": "https://crbug.com/700836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5063",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5064 (GCVE-0-2017-5064)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Object Corruption
Summary
Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Windows |
Version: Google Chrome prior to 58.0.3029.81 for Windows |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/693974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Windows"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object Corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/693974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Windows",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Windows"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Object Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://crbug.com/693974",
"refsource": "MISC",
"url": "https://crbug.com/693974"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5064",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5067 (GCVE-0-2017-5067)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac |
Version: Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/648117"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/648117"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "https://crbug.com/648117",
"refsource": "MISC",
"url": "https://crbug.com/648117"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5067",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5065 (GCVE-0-2017-5065)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Windows and Mac |
Version: Google Chrome prior to 58.0.3029.81 for Windows and Mac |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/704560"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Windows and Mac",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Windows and Mac"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/704560"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Windows and Mac",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Windows and Mac"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "https://crbug.com/704560",
"refsource": "MISC",
"url": "https://crbug.com/704560"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5065",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5060 (GCVE-0-2017-5060)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient Policy Enforcement
Summary
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
Version: Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/683314"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Policy Enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/683314"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Policy Enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "https://crbug.com/683314",
"refsource": "MISC",
"url": "https://crbug.com/683314"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5060",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5066 (GCVE-0-2017-5066)
Vulnerability from cvelistv5
Published
2017-10-27 05:00
Modified
2024-08-05 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
Version: Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/690821"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2017:1124",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/690821"
},
{
"name": "GLSA-201705-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97939"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "https://crbug.com/690821",
"refsource": "MISC",
"url": "https://crbug.com/690821"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5066",
"datePublished": "2017-10-27T05:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…