PT-2017-3248 · Google+4 · Skia+5

Publicado

2017-06-05

·

Atualizado

2024-06-15

·

CVE-2017-5077

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 59.0.3071.86 for Linux, Windows, and Mac Google Chrome versions prior to 59.0.3071.92 for Android
Description The issue exists due to insufficient validation of untrusted input in the Skia graphics library of Google Chrome. This allows a remote attacker to perform an out of bounds memory read via a specially crafted HTML page.
Recommendations For Google Chrome versions prior to 59.0.3071.86 for Linux, Windows, and Mac, update to version 59.0.3071.86 or later. For Google Chrome versions prior to 59.0.3071.92 for Android, update to version 59.0.3071.92 or later. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until a patch is applied.

Exploit

Correção

RCE

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-125

Identificadores relacionados

ALT-PU-2017-1713
BDU:2017-02682
CVE-2017-5077
MGASA-2017-0317
OPENSUSE-SU-2017:1501-1
OPENSUSE-SU-2017:1502-1
OPENSUSE-SU-2017_1502-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2017:1399
RHSA-2017_1399

Produtos afetados

Alt Linux
Google Chrome
Opera
Red Hat
Skia
Suse