HTTP: Google Chrome V8 Crankshaft Type Confusion
his signature detects attempts to exploit a known vulnerability against Google Chrome. Successful exploitation could permit an attacker to execute arbitrary code in the Google Chrome sandbox.
Extended Description
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Affected Products
Redhat enterprise_linux_server
References
CVE: CVE-2017-5070
Short Name
HTTP:STC:SCRIPT:GOOGLE-CHRM-TC
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-5070 Chrome Confusion Crankshaft Google Type V8
Release Date
09/25/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3796
False Positive
Unknown
Vendors
Redhat
CVSS Score
6.8