CVE-2017-15392
Publication date 7 February 2018
Last updated 25 August 2025
Ubuntu priority
Description
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored Ubuntu touch end-of-life | |
| 14.04 LTS trusty | Not in release | |
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 62.0.3202.62-0ubuntu0.17.10.1380
|
|
| 16.04 LTS xenial |
Fixed 62.0.3202.62-0ubuntu0.16.04.1308
|
|
| 14.04 LTS trusty |
Fixed 62.0.3202.62-0ubuntu0.14.04.1204
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |