CVE-2017-15392Improper Input Validation in Google Chrome

CWE-20Improper Input Validation6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 43.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeDebian Linux
Timeline
PublishedFeb 7
Latest updateMay 14

Description

Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDgoogle/chrome< 62.0.3202.62

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-vv4q-vxg5-8gfj: Insufficient data validation in V8 in Google Chrome prior to 622022-05-14
OSV
CVE-2017-15392: Insufficient data validation in V8 in Google Chrome prior to 622018-02-07

📋Vendor Advisories

1
Red Hat
chromium-browser: incorrect registry key handling in platformintegration2017-10-17

💬Community

2
Bugzilla
CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-20172017-10-18
Bugzilla
CVE-2017-15392 chromium-browser: incorrect registry key handling in platformintegration2017-10-18