CVE-2017-7517 was originally reported as a potential crash in the WebGL rendering engine. However, a later inspection revealed that it is actually a use after free vulnerability in the Ozone rendering engine, which could lead to remote code execution. Ozone is the rendering engine used to render web content, and it is enabled by default in Google Chrome. Google has provided an update for Ozone, version 71.0.3578.23, which should prevent exploitation of this vulnerability. Users are encouraged to update their installations of Google Chrome, as the best security practices should be followed to prevent exploitation of vulnerabilities. After the update, users will no longer be at risk from this issue.
Google Chrome Releases updates to patch 20 CVEs
At the end of 2017, Google Chrome released an update to patch 20 CVEs that were reported in 2016, 2017 and 2018. All of these updates resolved vulnerabilities in various rendering engines. These patches are not considered a high-priority threat to users.
This vulnerability was originally reported as a potential crash in the WebGL rendering engine. However, a later inspection revealed that it is actually a use after free vulnerability in the Ozone rendering engine, which could lead to remote code execution. Ozone is the rendering engine used to render web content, and it is enabled by default in Google Chrome. Google has provided an update for Ozone, version 71.0.3578.23, which should prevent exploitation of this vulnerability. Users are encouraged to update their installations of Google Chrome, as the best security practices should be followed to prevent exploitation of vulnerabilities. After the update, users will no longer be at risk from this issue.>>END>>
Verification of the Vulnerability
Google has verified that the vulnerability is not exploitable in current Google Chrome installations.
What is the Use After Free vulnerability in Ozone?
The vulnerability occurs when an application is using objects from a smart pointer to allocate memory, but the smart pointer was deleted. The heap content is then used, leading to use of freed memory. Ozone could be remotely exploited by users due to this, as it's enabled by default in Google Chrome.
Vulnerability Details
A use after free vulnerability in the Ozone rendering engine has been discovered. This could potentially lead to remote code execution. The CVE-2017-7517 was originally reported as a potential crash in the WebGL rendering engine, but further inspection revealed that it is actually a use after free vulnerability in the Ozone rendering engine. Once exploited, this could lead to remote code execution on an affected device.
This issue affects Google Chrome, and no other products are known to be affected by this issue at this time.
Google has released a new version of Chrome that prevents exploitation of this vulnerability
Google Chrome has released an update for Ozone, version 71.0.3578.23, which should prevent exploitation of this vulnerability. Users are encouraged to update their installations of Google Chrome, as the best security practices should be followed to prevent exploitation of vulnerabilities. After the update, users will no longer be at risk from this issue.
Timeline
Published on: 07/26/2022 22:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC