CVE-2017-5117Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeDebian Linux
Timeline
PublishedOct 27
Latest updateMay 14

Description

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome< 61.0.3163.79

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
GHSA
GHSA-vjwj-q38m-7gxf: Use of an uninitialized value in Skia in Google Chrome prior to 612022-05-14
OSV
CVE-2017-5117: Use of an uninitialized value in Skia in Google Chrome prior to 612017-10-27

📋Vendor Advisories

1
Red Hat
chromium-browser: use of uninitialized value in skia2017-09-05

💬Community

2
Bugzilla
CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 chromium: various flaws [fedora-all]2017-09-06
Bugzilla
CVE-2017-5117 chromium-browser: use of uninitialized value in skia2017-09-06