Rule Category

BROWSER-CHROME -- Snort has detected suspicious traffic known to exploit vulnerabilities present in the Chrome browser. These rules are separate from the "browser-webkit" category; while it uses the Webkit rendering engine, there's a lot of other features to create a secondary Chrome category.

Alert Message

BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt

Rule Explanation

This event is generated when an attacker attempts to exploit CVE-2017-5071. Impact: Attempted User Privilege Gain Details: This is a vulnerability in the way that Google Chrome V8 handles function objects in memory. Attackers who are able to exploit this vulnerability may be able to leak sensitive information on the system, or access objects they otherwise may not be able to. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Rule Vulnerability

CVE Additional Information

CVE-2017-5071
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Details
Severity Base Score6.3
Impact Score3.4 Exploit Score2.8
Confidentiality ImpactLOW Integrity ImpactLOW
Availability ImpactLOW Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessLOW
Privileges RequiredNONE