Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 03:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2017-0499.html - | |
References | () http://www.debian.org/security/2017/dsa-3810 - | |
References | () http://www.securityfocus.com/bid/96767 - | |
References | () https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html - | |
References | () https://crbug.com/669086 - | |
References | () https://security.gentoo.org/glsa/201704-02 - | |
References | () https://twitter.com/Ma7h1as/status/907641276434063361 - |
07 Nov 2023, 02:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.debian.org/security/2017/dsa-3810 - | |
References | () http://www.securityfocus.com/bid/96767 - | |
References | () https://security.gentoo.org/glsa/201704-02 - | |
References | () https://twitter.com/Ma7h1as/status/907641276434063361 - | |
References | () http://rhn.redhat.com/errata/RHSA-2017-0499.html - | |
References | () https://crbug.com/669086 - | |
References | () https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html - |
Information
Published : 2017-04-24 23:59
Updated : 2024-11-21 03:26
NVD link : CVE-2017-5033
Mitre link : CVE-2017-5033
CVE.ORG link : CVE-2017-5033
JSON object : View
Products Affected
linux
- linux_kernel
apple
- macos
microsoft
- windows
- chrome
- android
debian
- debian_linux
redhat
- enterprise_linux_desktop
- enterprise_linux_workstation
- enterprise_linux_server
CWE
CWE-281
Improper Preservation of Permissions