Google » Chrome : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution) CVSS score >= 2

CVE-2017-5121

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
Max CVSS
8.8
EPSS Score
4.58%
Published
2017-10-27
Updated
2022-04-06

CVE-2017-5116

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
14.30%
Published
2017-10-27
Updated
2022-04-06

CVE-2017-5112

Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
27.52%
Published
2017-10-27
Updated
2017-12-31

CVE-2017-5070

Known exploited
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
22.65%
Published
2017-10-27
Updated
2022-04-06
CISA KEV Added
2022-06-08

CVE-2017-5053

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
Max CVSS
9.6
EPSS Score
40.01%
Published
2017-10-27
Updated
2022-04-11

CVE-2017-5030

Known exploited
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS
8.8
EPSS Score
56.57%
Published
2017-04-24
Updated
2022-04-22
CISA KEV Added
2022-06-08

CVE-2017-5020

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
Max CVSS
6.1
EPSS Score
2.85%
Published
2017-02-17
Updated
2018-01-05
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close