CVE-2017-5066 — Improper Verification of Cryptographic Signature in Google Chrome

CWE-347 — Improper Verification of Cryptographic Signature6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 62.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedOct 27

Latest updateMay 13

Description

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgoogle/chrome< 58.0.3029.81+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

🔴Vulnerability Details

GHSA

GHSA-rj4r-5q3x-jcjp: Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58↗2022-05-13

▶

OSV

CVE-2017-5066: Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: incorrect signature handing in networking↗2017-04-19

▶

💬Community

Bugzilla

CVE-2017-5066 chromium-browser: incorrect signature handing in networking↗2017-04-20

▶

Bugzilla

CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060 CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064 CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069 chromium: various flaws [fedora-↗2017-04-20

▶