PT-2017-3197 · Google+2 · Google Chrome+2

Published

2017-06-15

Updated

2025-09-29

CVE-2017-5088

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 59.0.3071.104 for Mac, Windows, and Linux Google Chrome versions prior to 59.0.3071.117 for Android

Description The issue is related to insufficient validation of untrusted input in the V8 component of Google Chrome. This can be exploited by a remote attacker to perform out of bounds memory access using a specially crafted HTML page.

Recommendations For Google Chrome versions prior to 59.0.3071.104 for Mac, Windows, and Linux, update to version 59.0.3071.104 or later. For Google Chrome versions prior to 59.0.3071.117 for Android, update to version 59.0.3071.117 or later. As a temporary workaround, consider restricting access to untrusted HTML pages until the issue is resolved.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025_16880

BDU:2017-02629

CVE-2017-5088

DSA-3926-1

MGASA-2017-0317

OPENSUSE-SU-2017:1591-1

OPENSUSE-SU-2017:1593-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2017:1495

RHSA-2017_1495

Affected Products

Google Chrome

Opera

Red Hat

PT-2017-3197 · Google+2 · Google Chrome+2

CVE-2017-5088

Weakness Enumeration

Related Identifiers

Affected Products

References · 2343