Rule Category

BROWSER-CHROME -- Snort has detected suspicious traffic known to exploit vulnerabilities present in the Chrome browser. These rules are separate from the "browser-webkit" category; while it uses the Webkit rendering engine, there's a lot of other features to create a secondary Chrome category.

Alert Message

BROWSER-CHROME Google Chrome Javascript V8 Array.indexOf information leak attempt

Rule Explanation

This event is generated when an attempt to exploit Google Chrome via CVE-2017-5040 is detected. Impact: Attempted User Privilege Gain Details: A vulnerability exists in Google Chrome Browser's Javascript V8 engine. It is possible to craft Javascript in such a way that when calling Array.indexOf, properties of the array can be changed, and certain values in memory can be disclosed to the user. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2017-5040
Loading description