CVE-2017-5059
Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.
Una confusión de tipos en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac y a la 58.0.3029.83 para Android, permitía que un atacante remoto pudiese ejecutar código mediante una página HTML manipulada.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of list item markers. It's possible to trigger a type confusion condition by manipulating a document's elements. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-02 CVE Reserved
- 2017-04-25 CVE Published
- 2024-01-31 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97939 | Vdb Entry | |
| http://www.securitytracker.com/id/1038317 | Vdb Entry | |
| https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html | X_refsource_misc | |
| https://crbug.com/684684 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:1124 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201705-02 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2017-5059 | 2017-04-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1443837 | 2017-04-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 58.0.3029.81 Search vendor "Google" for product "Chrome" and version " < 58.0.3029.81" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 58.0.3029.81 Search vendor "Google" for product "Chrome" and version " < 58.0.3029.81" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 58.0.3029.81 Search vendor "Google" for product "Chrome" and version " < 58.0.3029.81" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 58.0.3029.83 Search vendor "Google" for product "Chrome" and version " < 58.0.3029.83" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||