CVE-2017-5012

Published: 27 January 2017

A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	artful	Released (56.0.2924.76-0ubuntu2.1343)
	bionic	Released (56.0.2924.76-0ubuntu2.1343)
	cosmic	Released (56.0.2924.76-0ubuntu2.1343)
	precise	Does not exist (precise was ignored)
	trusty	Does not exist (trusty was released [58.0.3029.81-0ubuntu0.14.04.1172])
	upstream	Released (56.0.2924.76)
	xenial	Released (56.0.2924.76-0ubuntu0.16.04.1268)
	yakkety	Released (56.0.2924.76-0ubuntu0.16.10.1335)
	zesty	Released (56.0.2924.76-0ubuntu2.1343)
libv8 Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	precise	Does not exist (precise was needs-triage)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
libv8-3.14 Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Ignored (libv8 not supported)
	cosmic	Ignored (libv8 not supported)
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [libv8 not supported])
	upstream	Needed
	xenial	Ignored (libv8 not supported)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
oxide-qt Launchpad, Ubuntu, Debian	artful	Released (1.20.4-0ubuntu1)
	bionic	Does not exist
	cosmic	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was released [1.20.4-0ubuntu0.14.04.1])
	upstream	Needs triage
	xenial	Released (1.20.4-0ubuntu0.16.04.1)
	yakkety	Released (1.20.4-0ubuntu0.16.10.1)
	zesty	Released (1.20.4-0ubuntu1)

Notes

Author	Note
mikesalvatore	The Ubuntu Security Team does not support libv8

CVE-2017-5012

Medium

Status

Notes

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading