CVE-2017-5070
Published 2017-10-27
Priority P182 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW
CISA Known Exploited Vulnerability, due 2022-06-22
Exploited in the wild
EPSS: 31.21% (98.0th percentile)
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 59.0.3071.86 | 59.0.3071.86 |
| | chrome | < 59.0.3071.92 | 59.0.3071.92 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is triggered via a crafted HTML page delivered remotely; monitor for sandbox escape attempts originating from browser renderer processes.
- This vulnerability may affect multiple Chromium-based browsers beyond Google Chrome, including Microsoft Edge and Opera; broaden detection scope accordingly.
- Vulnerable versions are Google Chrome prior to 59.0.3071.86 (Linux/Windows/Mac) and prior to 59.0.3071.92 (Android); detections should target hosts running these or older versions.
CVSS provenance
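| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |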
GHSA
GHSA-g97f-3hrx-c447: Type confusion in V8 in Google Chrome prior to 59
ghsa_unreviewed·2022-05-13
CVE-2017-5070 [HIGH] CWE-843 GHSA-g97f-3hrx-c447: Type confusion in V8 in Google Chrome prior to 59
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Project0
In-the-Wild Series: Chrome Exploits - Project Zero
project_zero·2021-01-01·CVSS 8.8
CVE-2017-5070 [HIGH] In-the-Wild Series: Chrome Exploits - Project Zero
This is part 3 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.
Posted by Sergei Glazunov, Project Zero
## Introduction
As we continue the series on the watering hole attack discovered in early 2020, in this post we’ll look at the rest of the exploits used by the actor against Chrome. A timeline chart depicting the extracted exploits and affected browser versions is provided below. Different color shades represent different exploit versions.
All vulnerabilities used by the attacker are in V8, Chrome’s JavaScript engine; and more specifically, they are JIT compiler bugs. While classic C++ memory safety issues are still exploited in real-world attacks against we
OSV
CVE-2017-5070: Type confusion in V8 in Google Chrome prior to 59
osv·2017-10-27·CVSS 8.8
CVE-2017-5070 [HIGH] CVE-2017-5070: Type confusion in V8 in Google Chrome prior to 59
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
VulnCheck
Google Chromium V8 Type Confusion Vulnerability
vulncheck·2017·CVSS 8.8
CVE-2017-5070 [HIGH] CWE-843 Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply updates per vendor instructions.
Exploitation References: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/blog/articles/operation-deviltiger-0day-vulnerability-techniques-and-tactics-used-by-apt-q-12-disclosed-en/; https://www.trendmic
CISA
Google Chromium V8 Type Confusion Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2017-5070 [HIGH] CWE-843 Google Chromium V8 Type Confusion Vulnerability
Vulnerability: Google Chromium V8 Type Confusion Vulnerability
Affected: Google Chromium V8
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-5070
Remediation Due Date: 2022-06-22
Red Hat
chromium-browser: type confusion in v8
vendor_redhat·2017-06-05·CVSS 8.8
CVE-2017-5070 [HIGH] chromium-browser: type confusion in v8
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
No detection rules found.
No public exploits indexed.
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
Cyber Threats
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi, Dec 05, 2024
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primari
Bugzilla
chromium: various flaws [fedora-all]
bugzilla·2017-06-06·CVSS 8.8
[HIGH] chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has b
Bugzilla
CVE-2017-5070 chromium-browser: type confusion in v8
bugzilla·2017-06-06·CVSS 8.8
CVE-2017-5070 [HIGH] CVE-2017-5070 chromium-browser: type confusion in v8
A type confusion flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=722756
External References:
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1459040]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2017:1399 https://access.redhat.com/errata/RHSA-2017:1399
- http://www.securityfocus.com/bid/98861
- http://www.securitytracker.com/id/1038622
- https://access.redhat.com/errata/RHSA-2017:1399
- https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
- https://crbug.com/722756
- https://security.gentoo.org/glsa/201706-20
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5070

2017-10-27: Published
2022-06-08: Added to CISA KEV
Exploited in the wild