CVE-2017-15393

HIGH

Google Chrome < 62.0.3202.62 - Exposure to Wrong Actor

Title source: rule

Description

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.

References (6)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:2997

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

[Issue Tracking] https://crbug.com/732751

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101482

[Third Party Advisory] https://www.debian.org/security/2017/dsa-4020

[Third Party Advisory] https://security.gentoo.org/glsa/201710-24

Scores

CVSS v3 8.8

EPSS 0.0126

EPSS Percentile 79.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (3)

google/chrome < 62.0.3202.62

debian/debian_linux

Timeline

Published Feb 07, 2018

Tracked Since Feb 18, 2026