XSS Vulnerability in Google Chrome Affecting Multiple Platforms
CVE-2017-5045

6.1MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 57.0.2987.98 For Mac, Windows And Linux, And 57.0.2987.108 For Android
Vendor
CVE Published:
24 April 2017

Summary

An XSS vulnerability exists in Google Chrome versions prior to 57.0.2987.98 on Mac, Windows, and Linux, and prior to 57.0.2987.108 on Android. This flaw permits remote attackers to detect blocked iframe loads and manipulate JavaScript variables via specially crafted HTML pages. Successful exploitation could lead to unauthorized actions on the web applications visited by the user.

Affected Version(s)

Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android

References

https://chromereleases.googleblog.com/2017/03/stable-chan...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201704-02
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3810
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.