CyberSec.Space Logo
Back to CVE Browser

CVE-2017-5030

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score28.2200%
EPSS Percentile88.30th
PublishedApr 24, 2017
Last ModifiedApr 21, 2026

Vulnerability Description

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Affected Platforms (CPE)

πŸ“¦
Google

Chrome

< 57.0.2987.98
πŸ“¦
Google

Chrome

< 57.0.2987.108
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2017-0499.html
πŸ”— http://www.debian.org/security/2017/dsa-3810
πŸ”— http://www.securityfocus.com/bid/96767
πŸ”— https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
πŸ”— https://crbug.com/682194
πŸ”— https://security.gentoo.org/glsa/201704-02
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-20-126/
πŸ”— http://rhn.redhat.com/errata/RHSA-2017-0499.html

Related Vulnerabilities

CVE-2004-076410.0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "c...

CVE-2009-247110.0

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers...

CVE-2021-3397010.0

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CVE-2009-266510.0

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when cert...