4.3
CVE-2017-5026
- EPSS 1.43%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- CVE-Watchlists
- Unerledigt
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.43% | 0.696 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-1021 Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
http://rhn.redhat.com/errata/RHSA-2017-0206.html
http://www.debian.org/security/2017/dsa-3776
http://www.securityfocus.com/bid/95792
http://www.securitytracker.com/id/1037718
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/201701-66
https://crbug.com/634108