cbcvebase.
CVE-2017-5116
published 2017-10-27

CVE-2017-5116: Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute…

PriorityP353high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
12.67%
95.8th percentile
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Affected

7 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
googlechrome< 61.0.3163.7961.0.3163.79
googlechrome< 61.0.3163.8161.0.3163.81
redhatenterprise_linux_desktop
redhatenterprise_linux_server
redhatenterprise_linux_workstation

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered via a crafted HTML page delivered remotely, targeting the V8 JavaScript engine in Google Chrome; monitor for exploitation attempts through web content delivery
  • Type confusion flaw in the V8 component of Chromium; focus detection on anomalous V8 engine behavior or sandbox escape activity in Chrome processes
  • ·Vulnerability affects Google Chrome prior to 61.0.3163.79 on Mac, Windows, and Linux, and prior to 61.0.3163.81 on Android; ensure version-based detection covers both desktop and Android branches
  • ·Upstream Chromium issue tracker reference for this CVE is bug 759624; may contain additional technical details if access is available

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.