CVE-2017-5009

🗓️ 17 Feb 2017 07:45:00Reported by ChromeType

WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page

Reporter	Title	Published	Views	Family All 55
FreeBSD	chromium -- multiple vulnerabilities	25 Jan 201700:00	–	freebsd
ArchLinux	[ASA-201701-33] chromium: multiple issues	27 Jan 201700:00	–	archlinux
CNVD	Google Chrome WebRTC Out-of-Bounds Memory Access Vulnerability	20 Feb 201700:00	–	cnvd
Cvelist	CVE-2017-5009	17 Feb 201707:45	–	cvelist
Debian	[SECURITY] [DSA 3776-1] chromium-browser security update	31 Jan 201701:24	–	debian
Debian	[SECURITY] [DSA 3776-1] chromium-browser security update	31 Jan 201701:24	–	debian
Debian CVE	CVE-2017-5009	17 Feb 201707:45	–	debiancve
Tenable Nessus	Debian DSA-3776-1 : chromium-browser - security update	31 Jan 201700:00	–	nessus
Tenable Nessus	Fedora 25 : qt5-qtwebengine (2017-58cde32413)	13 Jul 201700:00	–	nessus
Tenable Nessus	Fedora 24 : qt5-qtwebengine (2017-98bed96d12)	24 Jul 201700:00	–	nessus

NVD

Node

google chromeRange≤55.0.2883.87

[
  {
    "product": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
      }
    ]
  }
]

Source	Link
debian	www.debian.org/security/2017/dsa-3776
chromereleases	www.chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
security	www.security.gentoo.org/glsa/201701-66
crbug	www.crbug.com/667504
rhn	www.rhn.redhat.com/errata/RHSA-2017-0206.html
securitytracker	www.securitytracker.com/id/1037718
securityfocus	www.securityfocus.com/bid/95792

13 May 2026 00:24Current

8.4High risk

Vulners AI Score8.4

CVSS 26.8

CVSS 38.8

EPSS0.0084

CWE-119