CyberSec.Space Logo
Back to CVE Browser

CVE-2017-5070

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score77.9880%
EPSS Percentile93.89th
PublishedOct 27, 2017
Last ModifiedApr 21, 2026

Vulnerability Description

Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Affected Platforms (CPE)

πŸ“¦
Google

Chrome

< 59.0.3071.86
πŸ“¦
Google

Chrome

< 59.0.3071.92
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/98861
πŸ”— http://www.securitytracker.com/id/1038622
πŸ”— https://access.redhat.com/errata/RHSA-2017:1399
πŸ”— https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
πŸ”— https://crbug.com/722756
πŸ”— https://security.gentoo.org/glsa/201706-20
πŸ”— http://www.securityfocus.com/bid/98861
πŸ”— http://www.securitytracker.com/id/1038622

Related Vulnerabilities

CVE-2004-076410.0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "c...

CVE-2009-247110.0

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers...

CVE-2021-3397010.0

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CVE-2009-266510.0

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when cert...