CVE-2017-15428 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGHNVD

EPSS

27.2%

top 3.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 9

Latest updateMay 14

Description

Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5google/chromeunspecified — 62.0.3202.94

▶NVDgoogle/chrome< 62.0.3202.94

🔴Vulnerability Details

GHSA

GHSA-6723-6vgh-jm2c: Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62↗2022-05-14

▶

OSV

CVE-2017-15428: Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62↗2019-01-09

▶