Google » Chrome : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution) CVSS score >= 6
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
Max CVSS: 8.8
EPSS Score: 4.58%
Published: 2017-10-27
Updated: 2022-04-06
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS: 8.8
EPSS Score: 14.30%
Published: 2017-10-27
Updated: 2022-04-06
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS: 8.8
EPSS Score: 27.52%
Published: 2017-10-27
Updated: 2017-12-31
CVE-2017-5070
Known exploited
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS: 8.8
EPSS Score: 22.65%
Published: 2017-10-27
Updated: 2022-04-06
CISA KEV Added: 2022-06-08
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
Max CVSS: 9.6
EPSS Score: 40.01%
Published: 2017-10-27
Updated: 2022-04-11
CVE-2017-5030
Known exploited
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS: 8.8
EPSS Score: 56.57%
Published: 2017-04-24
Updated: 2022-04-22
CISA KEV Added: 2022-06-08
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
Max CVSS: 6.1
EPSS Score: 2.85%
Published: 2017-02-17
Updated: 2018-01-05
7 vulnerabilities found