PT-2017-3197 · Google+2 · Google Chrome+2

Publicado

2017-06-15

Atualizado

2025-09-29

CVE-2017-5088

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 59.0.3071.104 for Mac, Windows, and Linux Google Chrome versions prior to 59.0.3071.117 for Android

Description The issue is related to insufficient validation of untrusted input in the V8 component of Google Chrome. This can be exploited by a remote attacker to perform out of bounds memory access using a specially crafted HTML page.

Recommendations For Google Chrome versions prior to 59.0.3071.104 for Mac, Windows, and Linux, update to version 59.0.3071.104 or later. For Google Chrome versions prior to 59.0.3071.117 for Android, update to version 59.0.3071.117 or later. As a temporary workaround, consider restricting access to untrusted HTML pages until the issue is resolved.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2025_16880

BDU:2017-02629

CVE-2017-5088

DSA-3926-1

MGASA-2017-0317

OPENSUSE-SU-2017:1591-1

OPENSUSE-SU-2017:1593-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2017:1495

RHSA-2017_1495

Produtos afetados

Google Chrome

Opera

Red Hat

PT-2017-3197 · Google+2 · Google Chrome+2

CVE-2017-5088

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2343