CVE-2017-5107

🗓️ 27 Oct 2017 05:00:00Reported by ChromeType

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 allowed remote extraction of pixel values from cross-origin page iframe'd via crafted HTML page

Reporter	Title	Published	Views	Family All 61
FreeBSD	chromium -- multiple vulnerabilities	25 Jul 201700:00	–	freebsd
ArchLinux	[ASA-201707-29] chromium: multiple issues	27 Jul 201700:00	–	archlinux
CNVD	Google Chrome Information Disclosure Vulnerability (CNVD-2017-33593)	30 Oct 201700:00	–	cnvd
Cvelist	CVE-2017-5107	27 Oct 201705:00	–	cvelist
Debian	[SECURITY] [DSA 3926-1] chromium-browser security update	4 Aug 201721:00	–	debian
Debian	[SECURITY] [DSA 3926-1] chromium-browser security update	4 Aug 201721:00	–	debian
Debian CVE	CVE-2017-5107	27 Oct 201705:00	–	debiancve
Tenable Nessus	Debian DSA-3926-1 : chromium-browser - security update	7 Aug 201700:00	–	nessus
Tenable Nessus	Fedora 27 : qt5-qtwebengine (2017-4f9bb0861b)	15 Jan 201800:00	–	nessus
Tenable Nessus	Fedora 25 : qt5-qtwebengine (2017-580f91f6b0)	27 Nov 201700:00	–	nessus

NVD

Node

google chromeRange<60.0.3112.78

AND

apple macosMatch-

linux linux_kernelMatch-

microsoft windowsMatch-

Node

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_workstationMatch6.0

[
  {
    "product": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2017:1833
crbug	www.crbug.com/686253
chromereleases	www.chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
securityfocus	www.securityfocus.com/bid/99950
debian	www.debian.org/security/2017/dsa-3926
security	www.security.gentoo.org/glsa/201709-15

13 May 2026 00:24Current

5.6Medium risk

Vulners AI Score5.6

CVSS 22.6

CVSS 3.15.3

EPSS0.00325

CWE-203