Vulnerability in Google Chrome Prior To 57.0.2987.98 For Linux, Windows And Mac, 57.0.2987.108 Android

CVE-2017-5030

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

EPSS: 0.503 (97.9th percentile) — read the EPSS interpretation.

Affected products

  • N/a Google Chrome Prior To 57.0.2987.98 For Linux, Windows And Mac, 57.0.2987.108 Android — versions Google Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for Android

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: .

Required action: Apply updates per vendor instructions.

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2017-5030?
CVE-2017-5030 is a vulnerability in Google Chrome Prior To 57.0.2987.98 For Linux, Windows And Mac, 57.0.2987.108 Android. Published 2017-04-24.
Is CVE-2017-5030 known to be exploited?
Yes. CVE-2017-5030 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-06-08), indicating it is being actively exploited. 12 public proof-of-concept repositories are indexed.