CVE-2017-5038

MEDIUM

Chrome Apps <57.0.2987.98 - Use After Free

Title source: llm

Description

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

References (6)

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

[Issue Tracking] https://crbug.com/695476

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0499.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96767

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3810

[Third Party Advisory] https://security.gentoo.org/glsa/201704-02

Scores

CVSS v3 6.3

EPSS 0.0094

EPSS Percentile 76.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-416

Status published

Affected Products (7)

google/chrome < 57.0.2987.75

debian/debian_linux

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

n/a/Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac < Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac

Timeline

Published Apr 24, 2017

Tracked Since Feb 18, 2026