Exploitation Summary
CVE-2017-5070 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.
Description
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
References (7)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5070
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98861
Exploit, Issue Tracking x_refsource_misc
https://crbug.com/722756
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1399
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038622
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201706-20
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
Scores
CVSS v3: 8.8
EPSS: 0.7438
EPSS Percentile: 98.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-06-08
VulnCheck KEV: 2019-09-24
InTheWild.io: 2020-03-25
ENISA EUVD: EUVD-2017-14179
CWE: CWE-843
Status: published
Products (5)
google/chrome
< 59.0.3071.86
n/a/Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_workstation
6.0
Published: Oct 27, 2017
KEV Added: Jun 08, 2022
Tracked Since: Feb 18, 2026