6.5

CVE-2017-5089

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 59.0.3071.104
   ApplemacOS Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.29% 0.663
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201706-20
http://www.debian.org/security/2017/dsa-3926
http://www.securityfocus.com/bid/99096
http://www.securitytracker.com/id/1038765
https://access.redhat.com/errata/RHSA-2017:1495
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
https://crbug.com/714196