CVE-2017-5119

MEDIUM

Google Chrome <61.0.3163.79-61.0.3163.81 - Info Disclosure

Title source: llm

Description

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201709-15
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2676
Issue Tracking x_refsource_misc
https://crbug.com/725127
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039291
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100610
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3985

Scores

CVSS v3 4.3
EPSS 0.0176
EPSS Percentile 75.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE
CWE-119
Status published
Products (3)
debian/debian_linux 9.0
google/chrome < 61.0.3163.100
n/a/Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android
Published Oct 27, 2017
Tracked Since Feb 18, 2026