CVE-2017-5075 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 28.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedOct 27

Latest updateMay 13

Description

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDgoogle/chrome< 59.0.3071.86+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

🔴Vulnerability Details

GHSA

GHSA-75pp-gj49-72gp: Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59↗2022-05-13

▶

OSV

CVE-2017-5075: Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: information leak in csp reporting↗2017-06-05

▶

💬Community

Bugzilla

CVE-2017-5075 chromium-browser: information leak in csp reporting↗2017-06-06

▶

Bugzilla

chromium: various flaws [fedora-all]↗2017-06-06

▶