CVE-2017-5103
Publication date 27 October 2017
Last updated 25 August 2025
Ubuntu priority
Description
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 60.0.3112.78-0ubuntu1.1363
|
|
| 16.04 LTS xenial |
Fixed 60.0.3112.78-0ubuntu0.16.04.1293
|
|
| 14.04 LTS trusty |
Fixed 60.0.3112.78-0ubuntu0.14.04.1190
|
|
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored Ubuntu touch end-of-life | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |