Signature Handling Vulnerability in Google Chrome Product by Google
CVE-2017-5066

6.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 58.0.3029.81 For Mac, Windows And Linux, And 58.0.3029.83 For Android
Vendor
CVE Published:
27 October 2017

Summary

A vulnerability in the signature handling of the networking stack in Google Chrome for Mac, Windows, and Linux prior to version 58.0.3029.81, and on Android prior to version 58.0.3029.83, could allow a remote attacker to accept a malformed X.509 certificate. This vulnerability arises due to insufficient consistency checks during the processing of certificates, empowering attackers to exploit this flaw through crafted HTML pages.

Affected Version(s)

Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android Google Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android

References

https://access.redhat.com/errata/RHSA-2017:1124
vendor-advisoryx_refsource_REDHAT
https://crbug.com/690821
x_refsource_MISC
https://security.gentoo.org/glsa/201705-02
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.