PT-2017-16765 · W3C · W3C High Resolution Time Api

Published

2017-02-27

Updated

2021-09-13

CVE-2017-5928

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions W3C High Resolution Time API (affected versions not specified)

Description The issue concerns the W3C High Resolution Time API implementation in web browsers, where memory-reference times can be measured using a performance.now "Time to Tick" approach. This allows remote attackers to conduct AnC attacks via crafted JavaScript code, despite the presence of a protection mechanism.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-5928

Affected Products

W3C High Resolution Time Api

PT-2017-16765 · W3C · W3C High Resolution Time Api

CVE-2017-5928

Related Identifiers

Affected Products

References · 4