Vulnerability Details : CVE-2017-5109
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
Vulnerability category: Input validation
Products affected by CVE-2017-5109
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5109
- EPSS score: 0.55% (probability of exploitation activity in the next 30 days)
- Percentile: ~75% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-5109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2017-5109
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5109
- https://access.redhat.com/errata/RHSA-2017:1833
  RHSA-2017:1833 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://crbug.com/710400
  710400 - Permission Prompt not correctly dismissed on top window navigation - chromium - Monorail (Exploit; Issue Tracking; Vendor Advisory)
- https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
  Chrome Releases: Stable Channel Update for Desktop (Release Notes; Vendor Advisory)
- http://www.debian.org/security/2017/dsa-3926
  Debian -- Security Information -- DSA-3926-1 chromium-browser (Third Party Advisory)
- http://www.securityfocus.com/bid/99950
  Google Chrome Prior to 60.0.3112.78 Multiple Security Vulnerabilities (Broken Link)
- https://security.gentoo.org/glsa/201709-15
  Chromium: Multiple vulnerabilities (GLSA 201709-15) — Gentoo security (Broken Link)