CVE-2017-5030
CVE-2017-5030
In short
Google Chrome's V8 JavaScript engine had a flaw in how it handled certain complex data structures, allowing attackers to run malicious code on a computer by tricking a user into visiting a specially designed website.
Technical detail
CVE-2017-5030 is an out-of-bounds memory access vulnerability (CWE-125) in V8's handling of complex species during object operations. Remote code execution is achieved through a crafted HTML page delivered via web browser; no authentication or special user privileges are required beyond visiting the malicious page.
Summary generated and translated by AI from the official description.
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for AndroidWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rhn.redhat.com/errata/RHSA-2017-0499.htmlhttps://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.htmlhttps://crbug.com/682194https://security.gentoo.org/glsa/201704-02https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5030https://www.zerodayinitiative.com/advisories/ZDI-20-126/http://www.debian.org/security/2017/dsa-3810http://www.securityfocus.com/bid/96767