PT-2017-3230 · Google+4 · Google Chrome+4

Publicado

2017-06-05

·

Atualizado

2024-06-15

·

CVE-2017-5073

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 59.0.3071.86 for Linux, Windows, and Mac Google Chrome versions prior to 59.0.3071.92 for Android
Description The issue is related to a use after free in the print preview feature in Blink, allowing a remote attacker to perform an out of bounds memory read via a crafted HTML page. This could be achieved by exploiting the vulnerability with a specially formed HTML page.
Recommendations For Google Chrome versions prior to 59.0.3071.86 for Linux, Windows, and Mac, update to version 59.0.3071.86 or later. For Google Chrome versions prior to 59.0.3071.92 for Android, update to version 59.0.3071.92 or later. As a temporary workaround, consider disabling the print preview feature in Blink until a patch is available.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2017-1713
BDU:2017-02664
CVE-2017-5073
MGASA-2017-0317
OPENSUSE-SU-2017:1501-1
OPENSUSE-SU-2017:1502-1
OPENSUSE-SU-2017_1502-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2017:1399
RHSA-2017_1399

Produtos afetados

Alt Linux
Google Chrome
Opera
Red Hat
Suse