Description
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
References (6)
Core 6
Core References
Not Applicable, Third Party Advisory, VDB Entry x_refsource_misc
http://pwn2own.zerodayinitiative.com/status.html
Press/Media Coverage x_refsource_misc
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74323
Press/Media Coverage x_refsource_misc
http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14843
Broken Link x_refsource_misc
http://twitter.com/vupen/statuses/177576000761237505
Scores
EPSS
0.0522
EPSS Percentile
91.5%
Details
CWE
CWE-416
Status
published
Products (1)
google/chrome
< 17.0.963.66
Published
Mar 22, 2012
Tracked Since
Feb 18, 2026