CVE-2017-5020 — Cross-site Scripting in Google Chrome
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 32.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 17
Latest updateMay 14
Description
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages1 packages
🔴Vulnerability Details
2💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)↗2017-03-20