4.3

CVE-2017-5118

EPSS 0.61%
Published 27.10.2017 05:29:02
Last modified 20.04.2025 01:37:25
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version < 61.0.3163.79

   Apple ≫ macOS Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Google ≫ Chrome Version < 61.0.3163.81

Google ≫ Android Version-

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.61%	0.684

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://security.gentoo.org/glsa/201709-15

http://www.debian.org/security/2017/dsa-3985

http://www.securityfocus.com/bid/100610

http://www.securitytracker.com/id/1039291

https://access.redhat.com/errata/RHSA-2017:2676

https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

https://crbug.com/747847

https://nvd.nist.gov/vuln/detail/CVE-2017-5118

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5118

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5118

EUVD