CVE-2017-5070

HIGH KEV

Google Chrome <59.0.3071.86-59.0.3071.92 - RCE

Title source: llm

Description

Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

References (7)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98861

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038622

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1399

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html

[Exploit, Issue Tracking] https://crbug.com/722756

[Third Party Advisory] https://security.gentoo.org/glsa/201706-20

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5070

Scores

CVSS v3 8.8

EPSS 0.7438

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08

VulnCheck KEV 2019-09-24

InTheWild.io 2020-03-25

ENISA EUVD EUVD-2017-14179

CWE

CWE-843

Status published

Products (5)

google/chrome < 59.0.3071.86

n/a/Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

Published Oct 27, 2017

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026