HTTP: Google Chrome WebGL 2 ReadPixels Heap Buffer Overflow
A heap buffer overflow vulnerability has been reported in the WebGL component of Google Chrome. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage. Successful exploitation of the vulnerability could lead to remote code execution under the security context of the target user.
Extended Description
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Short Name
HTTP:STC:CHROME:CHROME-HEAP-OF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
2 Buffer CVE-2017-5112 Chrome Google Heap Overflow ReadPixels WebGL bid:100610
Release Date
11/23/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3377
False Positive
Unknown
CVSS Score
6.8