CVE-2017-5107 log

Source
Severity Low
Remote Yes
Type Information disclosure
Description
An information leakage vulnerability has been found in the Chromium browser < 60.0.3112.78. By rendering a FeConvolveMatrix SVG filter over a target iframe and timing its execution an attacking page can extract pixel values from a cross-origin page being iframe'd. This also allows reading ones own origin for history sniffing.
Group Package Affected Fixed Severity Status Ticket
AVG-363 chromium 59.0.3071.115-1 60.0.3112.78-1 Critical Fixed
Date Advisory Group Package Severity Description
27 Jul 2017 ASA-201707-29 AVG-363 chromium Critical multiple issues
References
https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
https://crbug.com/686253