Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2019-01-09T19:00:00

Updated: 2024-08-05T19:57:25.874Z

Reserved: 2017-10-17T00:00:00

Link: CVE-2017-15402

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-09T19:29:00.493

Modified: 2024-11-21T03:14:38.510

Link: CVE-2017-15402

cve-icon Redhat

No data.