CVE-2017-15404 — Time-of-check Time-of-use (TOCTOU) Race Condition in Google Chrome

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 97.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 9

Latest updateMay 13

Description

An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5google/chromeunspecified — 61.0.3163.113

▶NVDgoogle/chrome< 61.0.3163.113

🔴Vulnerability Details

GHSA

GHSA-3gxj-93jf-h822: An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Report↗2022-05-13

▶