CVE-2017-5030
published 2017-04-24CVE-2017-5030: Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote…
PriorityP182high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-22
Exploited in the wild
EPSS
41.60%
98.5th percentile
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| chrome | < 57.0.2987.98 | 57.0.2987.98 | |
| chrome | < 57.0.2987.108 | 57.0.2987.108 | |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploitation is delivered via a crafted HTML page triggering memory corruption in the V8 JavaScript engine; monitor for suspicious or malformed HTML/JS content targeting Chrome/Chromium-based browsers ↗
- →This vulnerability may affect multiple Chromium-based browsers beyond Chrome, including Microsoft Edge and Opera — broaden detection scope accordingly ↗
- ·Vulnerable versions are Google Chrome prior to 57.0.2987.98 (Linux, Windows, Mac) and prior to 57.0.2987.108 (Android); ensure version-based detection covers both desktop and Android branches ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vulncheck8.8HIGH
cisa8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6w47-3vvr-m9hm: Incorrect handling of complex species in V8 in Google Chrome prior to 57
ghsa_unreviewed·2022-04-30
CVE-2017-5030 [HIGH] CWE-125 GHSA-6w47-3vvr-m9hm: Incorrect handling of complex species in V8 in Google Chrome prior to 57
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
OSV
oxide-qt vulnerabilities
osv·2017-03-29·CVSS 8.8
CVE-2017-5029 [HIGH] oxide-qt vulnerabilities
oxide-qt vulnerabilities
Multiple vulnerabilities were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, spoof
application UI by causing the security status API or webview URL to
indicate the wrong values, bypass security restrictions, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033,
CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044,
CVE-2017-5045, CVE-2017-5046)
OSV
CVE-2017-5030: Incorrect handling of complex species in V8 in Google Chrome prior to 57
osv·2017-03-10·CVSS 8.8
CVE-2017-5030 [HIGH] CVE-2017-5030: Incorrect handling of complex species in V8 in Google Chrome prior to 57
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
VulnCheck
Google Chromium V8 Memory Corruption Vulnerability
vulncheck·2017·CVSS 8.8
CVE-2017-5030 [HIGH] CWE-125 Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply updates per vendor instructions.
Exploitation References: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Remediation Due: 2022-06-22
CISA
Google Chromium V8 Memory Corruption Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2017-5030 [HIGH] CWE-125 Google Chromium V8 Memory Corruption Vulnerability
Vulnerability: Google Chromium V8 Memory Corruption Vulnerability
Affected: Google Chromium V8
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-5030
Remediation Due Date: 2022-06-22
Ubuntu
Oxide vulnerabilities
vendor_ubuntu·2017-03-29·CVSS 8.8
CVE-2017-5029 [HIGH] Oxide vulnerabilities
Title: Oxide vulnerabilities
Summary: Several security issues were fixed in Oxide.
Multiple vulnerabilities were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, spoof
application UI by causing the security status API or webview URL to
indicate the wrong values, bypass security restrictions, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5033,
CVE-2017-5035, CVE-2017-5037, CVE-2017-5040, CVE-2017-5041, CVE-2017-5044,
CVE-2017-5045, CVE-2017-5046)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
chromium-browser: memory corruption in v8
vendor_redhat·2017-03-09·CVSS 8.8
CVE-2017-5030 [HIGH] chromium-browser: memory corruption in v8
chromium-browser: memory corruption in v8
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
No detection rules found.
No public exploits indexed.
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Ciberamenazas
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi Dec 05, 2024 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primari
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyber Threats
# MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi
2024/12/05
Read time: ( words)
Save to Folio
#### Summary
- Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
- MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, prim
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyber Threats
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi 2024/12/05 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primarily
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyberbedrohungen
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi Dec 05, 2024 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, prim
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyber Threats
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi Dec 05, 2024 Read time: ( words)
Save to Folio
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primari
Bugzilla
chromium: various flaws [fedora-all]
bugzilla·2017-03-10·CVSS 8.8
[HIGH] chromium: various flaws [fedora-all]
chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has b
Bugzilla
CVE-2017-5030 chromium-browser: memory corruption in v8
bugzilla·2017-03-10·CVSS 8.8
CVE-2017-5030 [HIGH] CVE-2017-5030 chromium-browser: memory corruption in v8
CVE-2017-5030 chromium-browser: memory corruption in v8
A memory corruption flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=682194
External References:
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1431051]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2017:0499 https://rhn.redhat.com/errata/RHSA-2017-0499.html
arXiv
SOK: On the Analysis of Web Browser Security
arxiv_fulltext·2021-12-31
SOK: On the Analysis of Web Browser Security
: On the Analysis of Web Browser Security
fancyplain
Rev.
\ of LastPage
Jungwon Lim*,\;
Yonghwi Jin*^ ,\;
Mansour Alharthi,\;
Xiaokuan Zhang,\;
Jinho Jung,\;
Rajat Gupta,\;
Kuilin Li,\;
Daehee Jang^ ,\;
Taesoo Kim\;
Georgia Institute of Technology ^ Theori Inc. ^ Sungshin Women's University
## Abstract
Web browsers are integral parts of everyone's daily life.
They are commonly used
for security-critical and privacy sensitive tasks,
like banking transactions and checking medical records.
Unfortunately,
modern web browsers are
too complex to be bug free
( , 25 million lines of code in Chrome),
and their role as an interface to the cyberspace
makes them an attractive target for attacks.
Accordingly,
web browsers naturally
become an arena for demonstrating
advanced exploitation techni
arXiv
Rethinking Misalignment to Raise the Bar for Heap Pointer Corruption
arxiv_fulltext·2018-08-08
Rethinking Misalignment to Raise the Bar for Heap Pointer Corruption
Rethinking Misalignment to Raise the Bar for Heap Pointer Corruption
Daehee Jang
KAIST
[email protected]
Hojoon Lee
KAIST
[email protected]
Brent Byunghoon Kang
KAIST
[email protected]
Michael Shell
Georgia Institute of Technology
[email protected]
Homer Simpson
Twentieth Century Fox
[email protected]
James Kirk
and Montgomery Scott
Starfleet Academy
[email protected]
\@IEEEpubidpullup9
Permission to freely reproduce all or part
of this paper for noncommercial purposes is granted provided that
copies bear this notice and the full citation on the first
page. Reproduction for commercial purposes is strictly prohibited
without the prior written consent of the Internet Society, the
first-named author (for reproduction of an entire paper only), and
the
http://rhn.redhat.com/errata/RHSA-2017-0499.htmlhttp://www.debian.org/security/2017/dsa-3810http://www.securityfocus.com/bid/96767https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.htmlhttps://crbug.com/682194https://security.gentoo.org/glsa/201704-02https://www.zerodayinitiative.com/advisories/ZDI-20-126/http://rhn.redhat.com/errata/RHSA-2017-0499.htmlhttp://www.debian.org/security/2017/dsa-3810http://www.securityfocus.com/bid/96767https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.htmlhttps://crbug.com/682194https://security.gentoo.org/glsa/201704-02https://www.zerodayinitiative.com/advisories/ZDI-20-126/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5030
2017-04-24
Published
2022-06-08
Added to CISA KEV
Exploited in the wild