CVE-2017-5053
Published: 27 October 2017
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
Priority
Medium
CVSS 3 base score: 9.6
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
Upstream |
Released
(57.0.2987.133)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(58.0.3029.81-0ubuntu2.1350)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(58.0.3029.81-0ubuntu0.16.04.1277)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [58.0.3029.81-0ubuntu0.14.04.1172])
|
|
|
libv8 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
libv8-3.14 Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(libv8 not supported)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(libv8 not supported)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [libv8 not supported])
|
|
|
oxide-qt Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(Ubuntu touch end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [Ubuntu touch end-of-life])
|