6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.037 Low
EPSS
Percentile
91.8%
Google Chrome Releases reports:
35 security fixes in this release, including:
[762930] High CVE-2017-5124: UXSS with MHTML. Reported by
Anonymous on 2017-09-07
[749147] High CVE-2017-5125: Heap overflow in Skia. Reported by
Anonymous on 2017-07-26
[760455] High CVE-2017-5126: Use after free in PDFium. Reported by
Luat Nguyen on KeenLab, Tencent on 2017-08-30
[765384] High CVE-2017-5127: Use after free in PDFium. Reported by
Luat Nguyen on KeenLab, Tencent on 2017-09-14
[765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by
Omair on 2017-09-14
[765495] High CVE-2017-5129: Use after free in WebAudio. Reported by
Omair on 2017-09-15
[718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by
Gaurav Dewan of Adobe Systems India Pvt. Ltd. on 2017-05-05
[722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by
Pranjal Jumde on 2017-05-14
[744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by
Anonymous on 2017-07-16
[762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by
Aleksandar Nikolic of Cisco Talos on 2017-09-05
[752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by
WenXu Wu of Tencentβs Xuanwu Lab on 2017-08-03
[756040] Medium CVE-2017-15387: Content security bypass. Reported by
Jun Kokatsu on 2017-08-16
[756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by
Kushal Arvind Shah of Fortinetβs FortiGuard Labs on 2017-08-17
[739621] Medium CVE-2017-15389: URL spoofing in Omnibox. Reported by
xisigr of Tencentβs Xuanwu Lab on 2017-07-06
[750239] Medium CVE-2017-15390: URL spoofing in Omnibox. Reported by
Haosheng Wang on 2017-07-28
[598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by
Joao Lucas Melo Brasio on 2016-03-28
[714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
Reported by Xiaoyin Liu on 2017-04-22
[732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by
Svyat Mitin on 2017-06-13
[745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by
Sam on 2017-07-18
[759457] Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by
Johannes Bergman on 2017-08-28
[775550] Various fixes from internal audits, fuzzing and other initiatives
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.037 Low
EPSS
Percentile
91.8%