CVE-2017-5070
CVE-2017-5070
In short
Google Chrome's V8 JavaScript engine had a type confusion bug that allowed attackers to run malicious code inside the browser's sandbox by tricking it into treating one type of data as another. This could let hackers take control of your browser.
Technical detail
A type confusion vulnerability in V8 allowed remote code execution within the Chrome sandbox via crafted HTML. The attack vector involves a malicious webpage that exploits incorrect type handling in the JavaScript engine, potentially leading to privilege escalation or sandbox escape depending on additional conditions.
Summary generated and translated by AI from the official description.
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for AndroidWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2017:1399https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.htmlhttps://crbug.com/722756https://security.gentoo.org/glsa/201706-20https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5070http://www.securityfocus.com/bid/98861http://www.securitytracker.com/id/1038622