CVE-2017-5030
Publication date 10 March 2017
Last updated 21 August 2024
Ubuntu priority
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 57.0.2987.98-0ubuntu1.1348
|
|
| 16.04 LTS xenial |
Fixed 57.0.2987.98-0ubuntu0.16.04.1276
|
|
| 14.04 LTS trusty |
Fixed 58.0.3029.81-0ubuntu0.14.04.1172
|
|
| libv8 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| libv8-3.14 | ||
| 18.04 LTS bionic | Ignored libv8 not supported | |
| 16.04 LTS xenial | Ignored libv8 not supported | |
| 14.04 LTS trusty | Not in release | |
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 1.21.5-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 1.21.5-0ubuntu0.14.04.1
|
|
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3236-1
- Oxide vulnerabilities
- 29 March 2017