Privilege Elevation Vulnerability in Google Chrome for Mac
CVE-2017-5099

8.8HIGH

Key Information:

Vendor

Google
Status
Google Chrome Prior To 60.0.3112.78 For Mac
Vendor
CVE Published:
27 October 2017

What is CVE-2017-5099?

An insufficient validation of untrusted input in PPAPI Plugins within Google Chrome for Mac prior to version 60.0.3112.78 allows remote attackers to potentially elevate their privileges via a specially crafted HTML page. This vulnerability may enable unauthorized actions by exploiting the flaws in input handling, emphasizing the necessity for continual updates and security measures.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Mac Google Chrome prior to 60.0.3112.78 for Mac

References

https://crbug.com/733548
x_refsource_MISC
https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.