HighCISA KEVExploited in the wildPublic exploit

Type Confusion in Google Chrome V8

IdentifiersCVE-2017-5070CWE-843· Access of Resource Using…

CVE-2017-5070 is a type confusion vulnerability in the V8 JavaScript engine in Google Chrome. According to the provided content, affected versions are Chrome prior to 59.0.3071.86 on Linux, Windows, and Mac, and prior to 59.0.3071.92 on Android. The flaw can be triggered by a remote attacker via a crafted HTML page, causing type confusion in V8 and enabling arbitrary code execution within the Chrome sandbox. The supplied context further indicates this vulnerability was incorporated into Android exploitation tooling used by the MOONSHINE framework, where exploit code appears to have been copied or lightly modified from public sources and selected based on the victim browser version.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows remote arbitrary code execution in the context of the Chrome renderer/browser sandbox when a target visits a maliciously crafted HTML page. In practical attack chains, this provides an attacker with initial code execution inside the sandboxed browser process, which can then be used as a foothold for additional post-exploitation steps, such as payload staging or chaining with further vulnerabilities for broader device compromise.

Mitigation

If you can’t patch tonight, do this now.

Where immediate patching is not possible, reduce exposure by restricting access to untrusted web content, especially links delivered through messaging platforms or social engineering lures. On Android, limit use of in-app browsers/webviews for opening untrusted links where feasible, since the provided context indicates exploitation was delivered through a Chrome-based in-app browser. Enterprise controls such as URL filtering, browser isolation, application allowlisting, and rapid mobile/browser update enforcement can further reduce risk, but these measures do not replace patching.

Remediation

Patch, then assume compromise.

Upgrade Google Chrome to version 59.0.3071.86 or later on Linux, Windows, and Mac, and to 59.0.3071.92 or later on Android. More generally, ensure Chrome and any embedded or app-integrated Chrome/WebView components are updated to a version containing Google's fix for CVE-2017-5070. Apply vendor security updates promptly across managed endpoints and mobile devices.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GoogleChromeapplication

Red HatEnterprise Linux Desktopoperating_system

Red HatEnterprise Linux Serveroperating_system

Red HatEnterprise Linux Workstationoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

citizenlabNews

Dec 10, 2025

Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits - The Citizen Lab

A Google Chrome vulnerability used as Exploit #4 in the MOONSHINE Android exploit kit.

citizenlabNews

Sep 24, 2019

Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits

A Google Chrome vulnerability with public exploit code, used by MOONSHINE against vulnerable Android Chrome versions.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence2

Every observed campaign linking this CVE to a named adversary.

Associated malware3

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2017-5070

NVD

nvd.nist.gov/vuln/detail/CVE-2017-5070

MITRE CWE · CWE-843

Access of Resource Using Incompatible Type…

Vendor Advisory

chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html

Third Party Advisory

access.redhat.com/errata/RHSA-2017:1399

Third Party Advisory

security.gentoo.org/glsa/201706-20

Exploit

crbug.com/722756

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5070