CVE-2017-15392

MEDIUM

Google Chrome < 62.0.3202.62 - Heap Corruption via Crafted Windows Registry Entry

Title source: llm
STIX 2.1

Description

Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101482
Issue Tracking x_refsource_misc
https://crbug.com/714401
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4020
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2997
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201710-24

Scores

CVSS v3 4.3
EPSS 0.0084
EPSS Percentile 53.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (3)
debian/debian_linux 8.0
debian/debian_linux 9.0
google/chrome < 62.0.3202.62
Published Feb 07, 2018
Tracked Since Feb 18, 2026