Local Attacker Vulnerability in Google Chrome for Android Affecting Credit Card Autofill
CVE-2017-5082

5.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 59.0.3071.92 For Android
Vendor
CVE Published:
27 October 2017

Summary

A flaw in Google Chrome for Android allowed local attackers to access sensitive credit card information through the autofill feature. By crafting a malicious HTML page, attackers could exploit the vulnerability to capture screenshots of the credit card data stored in the browser, posing a serious risk to user privacy. Users of affected versions prior to 59.0.3071.92 should consider updating to ensure their information remains secure.

Affected Version(s)

Google Chrome prior to 59.0.3071.92 for Android Google Chrome prior to 59.0.3071.92 for Android

References

http://www.securityfocus.com/bid/98861
vdb-entryx_refsource_BID
https://crbug.com/721579
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:1399
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.