CVE-2017-5119
MEDIUM
Google Chrome <61.0.3163.79-61.0.3163.81 - Info Disclosure
Title source: llm
Description
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
References (7)
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201709-15
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2676
Issue Tracking x_refsource_misc
https://crbug.com/725127
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039291
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100610
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3985
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html
Scores
CVSS v3
4.3
EPSS
0.0176
EPSS Percentile
75.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-119
Status
published
Products (3)
debian/debian_linux
9.0
google/chrome
< 61.0.3163.100
n/a/Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android
Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android
Published
Oct 27, 2017
Tracked Since
Feb 18, 2026