Home > Vulnerability Database > CVE-2017-5118

Mend.io Vulnerability Database

CVE-2017-5118

Date: October 27, 2017

Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.

Language: Unix

Severity Score

4.3

Related Resources (11)

Url: https://crbug.com/747847

Url: http://www.securitytracker.com/id/1039291

Url: http://www.securityfocus.com/bid/100610

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-5118

Url: https://security.gentoo.org/glsa/201709-15

Url: http://www.debian.org/security/2017/dsa-3985

Url: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

Url: https://access.redhat.com/security/cve/CVE-2017-5118

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-5118

Url: https://access.redhat.com/errata/RHSA-2017:2676

Url: https://www.mend.io/vulnerability-database/CVE-2017-5118

Severity Score

4.3

Weakness Type (CWE)

Security Features

CWE-254

Incorrect Permission Assignment for Critical Resource

CWE-732

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-5118

Date: October 27, 2017

Language: Unix

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?