Integer overflow in Google Chrome

#VU9588 Integer overflow in Google Chrome

Published: 2017-12-07 | Updated: 2021-06-11

Vulnerability identifier: #VU9588

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15422

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to integer overflow in ICU. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Update to version 63.0.3239.84.

Vulnerable software versions

Google Chrome: 60.0.3112.90 - 62.0.3202.94

External links
http://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html?utm_source=feed...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for icu

Debian update for icu

Gentoo update for Chromium, Google Chrome

OpenSUSE Linux update for chromium

Arch Linux update for chromium

Multiple vulnerabilities in Google Chrome

Red Hat update for chromium-browser