Description
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1
Issue Tracking x_refsource_confirm
https://bugs.chromium.org/p/chromium/issues/detail?id=505374
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html
Various Sources x_refsource_misc
http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80
Patch x_refsource_confirm
https://codereview.chromium.org/1233453004
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
Scores
CVSS v3
8.8
EPSS
0.0181
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (3)
google/chrome
< 44.0.2403.89
opensuse/leap
42.1
qt/qt
< 5.5.1
Published
Jan 09, 2018
Tracked Since
Feb 18, 2026