Home

CVE-2017-15403

Description

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

Risk Information

Base Score
7.3
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.094

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Google Chrome (x64) 59.0.3071.115Windows
Multiple vulnerabilities affected in Google Chrome 59.0.3071.115Windows
Multiple vulnerabilities affected in Google Chrome 59.0.3071.115 (For Debian)Linux
Multiple vulnerabilities affected in Google Chrome 59.0.3071.115 (For Centos)Linux
Multiple vulnerabilities affected in Google Chrome 59.0.3071.115 (For RedHat)Linux
Multiple vulnerabilities affected in Google Chrome 59.0.3071.115 (For Suse)Linux
Multiple vulnerabilities affected in Google Chrome 59.0.3071.115 (For Ubuntu)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343228Google Chrome (x64) (131.0.6778.85, 131.0.6778.86)
PATCH-343227Google Chrome (131.0.6778.85, 131.0.6778.86)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234