Vulnerability Details : CVE-2017-5081
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
Vulnerability category: Input validation
Products affected by CVE-2017-5081
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5081
- Probability of exploitation activity in the next 30 days: 0.04%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~6%
CVSS scores for CVE-2017-5081
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 1.8 | 1.4 | NIST | |
CWE ids for CVE-2017-5081
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5081
- http://www.securityfocus.com/bid/98861
  Google Chrome Prior to 59.0.3071.86 Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
  Chrome Releases: Stable Channel Update for Desktop (Release Notes; Vendor Advisory)
- http://www.securitytracker.com/id/1038622
  Google Chrome Multiple Flaws Let Remote Users Spoof URLs, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- https://crbug.com/672008
  672008 - Security: Extension's verification bypass - chromium - Monorail (Exploit; Issue Tracking; Patch; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1399
  RHSA-2017:1399 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://security.gentoo.org/glsa/201706-20
  Chromium: Multiple vulnerabilities (GLSA 201706-20) — Gentoo security (Third Party Advisory; VDB Entry)