NVD Vulnerability Detail

CVE-2017-15402

Summary	Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Publication Date	Jan. 10, 2019, 4:29 a.m.
Registration Date	Jan. 26, 2021, 1:17 p.m.
Last Update	Nov. 21, 2024, 12:14 p.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html
2	https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html
3	https://crbug.com/766262
4	https://crbug.com/766262

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Chrome OS 上で稼動する Google Chrome における入力確認に関する脆弱性

Title	Chrome OS 上で稼動する Google Chrome における入力確認に関する脆弱性
Summary	Chrome OS 上で稼動する Google Chrome には、入力確認に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 27, 2017, midnight
Registration Date	March 8, 2019, 6:17 p.m.
Last Update	March 8, 2019, 6:17 p.m.

Affected System

Google

Google Chrome 62.0.3202.74 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-15402	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15402
2	CVE-2017-15402	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15402
National Vulnerability Database (NVD)
3	CVE-2017-15402	https://nvd.nist.gov/vuln/detail/CVE-2017-15402
4	CVE-2017-15402	https://nvd.nist.gov/vuln/detail/CVE-2017-15402

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html
2	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Chromium
1	Issue 766262	https://crbug.com/766262
2	Issue 766262	https://crbug.com/766262
Google
3	Stable Channel Update for Desktop	https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html
4	Stable Channel Update for Desktop	https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html

Change Log

No	Changed Details	Date of change
1	[2019年03月08日] 掲載	March 8, 2019, 6:17 p.m.