Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Chrome
Published: 2019-01-09T19:00:00
Updated: 2024-08-05T19:57:25.874Z
Reserved: 2017-10-17T00:00:00
Link: CVE-2017-15402
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-01-09T19:29:00.493
Modified: 2024-11-21T03:14:38.510
Link: CVE-2017-15402
Redhat
No data.