Content Security Policy Bypass in Google Chrome on Multiple Platforms
CVE-2017-5033
4.3MEDIUM
Key Information:
- Vendor
Google
- Vendor
- CVE Published:
- 24 April 2017
What is CVE-2017-5033?
A vulnerability in Google Chrome allows remote attackers to circumvent content security policy restrictions due to improper handling of CSP settings in local scheme pages. This occurs specifically with the unsafe-inline keyword, enabling potential exploitation when a crafted HTML page is rendered. These flaws expose users to risks associated with malicious content being executed in their browser environments.
Affected Version(s)
Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android