CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
97.3%
Severity: Critical
Date : 2017-03-31
CVE-ID : CVE-2017-5052 CVE-2017-5053 CVE-2017-5054 CVE-2017-5055
CVE-2017-5056
Package : chromium
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-231
The package chromium before version 57.0.2987.133-1 is vulnerable to
arbitrary code execution.
Upgrade to 57.0.2987.133-1.
The problems have been fixed upstream in version 57.0.2987.133.
None.
An invalid cast vulnerability has been found in the Blink component of
the Chromium browser.
An out of bounds memory access vulnerability has been found in the V8
component of the Chromium browser.
A heap buffer overflow vulnerability has been found in the V8 component
of the Chromium browser.
A use-after-free vulnerability has been found in the printing component
of the Chromium browser.
A use-after-free vulnerability has been found in the Blink component of
the Chromium browser.
A remote attacker can execute arbitrary code on the affected host.
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
https://bugs.chromium.org/p/chromium/issues/detail?id=662767
https://bugs.chromium.org/p/chromium/issues/detail?id=702058
https://bugs.chromium.org/p/chromium/issues/detail?id=699166
https://bugs.chromium.org/p/chromium/issues/detail?id=698622
https://bugs.chromium.org/p/chromium/issues/detail?id=705445
https://security.archlinux.org/CVE-2017-5052
https://security.archlinux.org/CVE-2017-5053
https://security.archlinux.org/CVE-2017-5054
https://security.archlinux.org/CVE-2017-5055
https://security.archlinux.org/CVE-2017-5056
bugs.chromium.org/p/chromium/issues/detail?id=662767
bugs.chromium.org/p/chromium/issues/detail?id=698622
bugs.chromium.org/p/chromium/issues/detail?id=699166
bugs.chromium.org/p/chromium/issues/detail?id=702058
bugs.chromium.org/p/chromium/issues/detail?id=705445
chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
security.archlinux.org/AVG-231
security.archlinux.org/CVE-2017-5052
security.archlinux.org/CVE-2017-5053
security.archlinux.org/CVE-2017-5054
security.archlinux.org/CVE-2017-5055
security.archlinux.org/CVE-2017-5056
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
97.3%