CVE-2017-5116

HIGH

Google Chrome <61.0.3163.79-61.0.3163.81 - RCE

Title source: llm

Description

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Exploits (2)

github WORKING POC 3,480 stars

by qazbnm456 · poc

https://github.com/qazbnm456/awesome-cve-poc/tree/master/CVE-2017-5116.md

View Code ZIP pw:eip

github WORKING POC 14 stars

by xbl3 · poc

https://github.com/xbl3/awesome-cve-poc_qazbnm456/tree/master/CVE-2017-5116.md

View Code ZIP pw:eip

References (8)

[Third Party Advisory] https://security.gentoo.org/glsa/201709-15

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:2676

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039291

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100610

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3985

[Various Sources] https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

[Issue Tracking] https://crbug.com/759624

Scores

CVSS v3 8.8

EPSS 0.5577

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-843

Status published

Products (7)

debian/debian_linux 9.0

debian/debian_linux 10.0

google/chrome < 61.0.3163.79

n/a/Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

Published Oct 27, 2017

Tracked Since Feb 18, 2026