CVE-2017-15402 - OpenCVE

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome Chrome Os

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html
https://crbug.com/766262

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2019-01-09T19:00:00

Updated: 2024-08-05T19:57:25.874Z

Reserved: 2017-10-17T00:00:00

Link: CVE-2017-15402

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-09T19:29:00.493

Modified: 2023-11-07T02:39:41.087

Link: CVE-2017-15402

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"lessThan": "62.0.3202.74", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Inappropriate implementation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-09T18:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://crbug.com/766262"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2017-15402", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_affected": "<", "version_value": "62.0.3202.74"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Inappropriate implementation"}]}]}, "references": {"reference_data": [{"name": "https://crbug.com/766262", "refsource": "MISC", "url": "https://crbug.com/766262"}, {"name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:25.874Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/766262"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-15402", "datePublished": "2019-01-09T19:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:25.874Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "53FF6039-F9B6-4C98-A6AA-BD2C24895042", "versionEndExcluding": "62.0.3202.74", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ACCACAF-7BD6-4C0A-8E6A-67E13D5E341D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."}, {"lang": "es", "value": "La utilizaci\u00f3n de un identificador que puede ser controlado por un renderizador que permite a cualquier trama sobreescribir el par\u00e1metro page_state de cualquier otra trama en el mismo proceso en \"Navigation\" en Google Crome en Chrome OS, en versiones anteriores a la 62.0.3202.74, permiti\u00f3 a un atacante remoto, que hab\u00eda comprometido el proceso del renderizador, realizar un sandbox esape mediante una p\u00e1gina HTML manipulada."}], "id": "CVE-2017-15402", "lastModified": "2023-11-07T02:39:41.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-09T19:29:00.493", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/766262"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}