← Zuruck zu CVEs
CVE-2017-5033
MEDIUM4.3
Beschreibung
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
CVE Details
CVSS v3.1 Bewertung4.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht4/24/2017
Zuletzt geandert4/20/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apple:macosdebian:debian_linuxgoogle:androidgoogle:chromelinux:linux_kernelmicrosoft:windowsredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_workstation
Schwachen (CWE)
CWE-281
Referenzen
http://rhn.redhat.com/errata/RHSA-2017-0499.html(chrome-cve-admin@google.com)
http://www.debian.org/security/2017/dsa-3810(chrome-cve-admin@google.com)
http://www.securityfocus.com/bid/96767(chrome-cve-admin@google.com)
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html(chrome-cve-admin@google.com)
https://crbug.com/669086(chrome-cve-admin@google.com)
https://security.gentoo.org/glsa/201704-02(chrome-cve-admin@google.com)
https://twitter.com/Ma7h1as/status/907641276434063361(chrome-cve-admin@google.com)
http://rhn.redhat.com/errata/RHSA-2017-0499.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3810(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/96767(af854a3a-2127-422b-91ae-364da2661108)
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html(af854a3a-2127-422b-91ae-364da2661108)
https://crbug.com/669086(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201704-02(af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/Ma7h1as/status/907641276434063361(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.