CVE-2017-5011Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure8 documents6 sources
Severity
6.5MEDIUMNVD
OSV6.1
EPSS
0.5%
top 32.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedFeb 17
Latest updateMay 14

Description

Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome55.0.2883.87

🔴Vulnerability Details

3
GHSA
GHSA-c54f-v439-vmxp: Google Chrome prior to 562022-05-14
OSV
oxide-qt vulnerabilities2017-02-08
OSV
CVE-2017-5011: Google Chrome prior to 562017-01-27

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2017-02-08
Red Hat
chromium-browser: unauthorised file access in devtools2017-01-25

💬Community

2
Bugzilla
CVE-2017-5011 chromium-browser: unauthorised file access in devtools2017-01-26
Bugzilla
chromium: various flaws [fedora-all]2017-01-26