CVE-2017-5081 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation6 documents5 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 93.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedOct 27

Latest updateMay 13

Description

Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDgoogle/chrome< 59.0.3071.86+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-9q86-h5gq-qf97: Lack of verification of an extension's locale folder in Google Chrome prior to 59↗2022-05-13

▶

OSV

CVE-2017-5081: Lack of verification of an extension's locale folder in Google Chrome prior to 59↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: extension verification bypass↗2017-06-05

▶

💬Community

Bugzilla

chromium: various flaws [fedora-all]↗2017-06-06

▶

Bugzilla

CVE-2017-5081 chromium-browser: extension verification bypass↗2017-06-06

▶