This issue has been fixed by updating V8 to version 6.2.350.15.
CVE-2017-5667 In all versions of Google Chrome prior to 75.0.3770.80, data could be received from a malicious web site through cross-origin redirects even though the origin of the message was not relevant to the message's critical path. A remote attacker could use this flaw to cross-origin exploit a web application and send data to the server without restriction.
CVE-2017-5666 In all versions of Google Chrome prior to 75.0.3770.80, a remote attacker could potentially use rendering issues on Mac OS X to bypass sandbox restrictions and read data from another origin through cross-origin redirects.
CVE-2017-5664 In all versions of Google Chrome prior to 75.0.3770.80, a remote attacker could potentially bypass security restrictions on other origins through cross-origin redirects.
CVE-2017-5663 In all versions of Google Chrome prior to 75.0.3770.80, a remote attacker could potentially bypass security restrictions on other origins through cross-origin redirects.
CVE-2017-5662 In all versions of Google Chrome prior to 75.0.3770.80, a remote attacker could potentially bypass security restrictions on other origins through cross-origin redirects.
CVE-2017-5661 In all versions of Google Chrome prior to 75
^ Severity and scope of issue ^
CVE-2017-5660 In all versions of Google Chrome prior to 75.0.3770.80, a remote attacker could potentially bypass security restrictions on other origins through cross-origin redirects.
CVE-2017-5655 In all versions of Google Chrome prior to 75.0.3770.80, a remote attacker could potentially use a maliciously crafted extension to conduct spoofing attacks and obtain sensitive information from another origin in violation of same origin policy.
^ ^
^
This issue has been fixed by updating V8 to version 6.2.350.15.
Timeline
Published on: 04/05/2022 01:15:00 UTC
Last modified on: 04/11/2022 09:36:00 UTC