Vulnerability Details : CVE-2017-5092
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Vulnerability category: Input validation
Products affected by CVE-2017-5092
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5092
1.83%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5092
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-5092
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5092
-
https://access.redhat.com/errata/RHSA-2017:1833
RHSA-2017:1833 - Security Advisory - Red Hat Customer Portal
-
https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
Chrome Releases: Stable Channel Update for DesktopRelease Notes;Vendor Advisory
-
http://www.debian.org/security/2017/dsa-3926
Debian -- Security Information -- DSA-3926-1 chromium-browserThird Party Advisory
-
http://www.securityfocus.com/bid/99950
Google Chrome Prior to 60.0.3112.78 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201709-15
Chromium: Multiple vulnerabilities (GLSA 201709-15) — Gentoo securityThird Party Advisory;VDB Entry
-
https://crbug.com/733549
733549 - Chrome sandbox escape due to use of invalid PP_Instance in IPC handler OnMsgDidDeleteInProcessInstance - chromium - MonorailExploit;Third Party Advisory
Jump to