CVE-2017-5082Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure7 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedOct 27
Latest updateMay 14

Description

Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome< 59.0.3071.92

🔴Vulnerability Details

2
GHSA
GHSA-pp6m-c2cm-8hxw: Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 592022-05-14
OSV
CVE-2017-5082: Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 592017-10-27

📋Vendor Advisories

1
Red Hat
chromium-browser: insufficient hardening in credit card editor2017-06-05

💬Community

3
Bugzilla
FireFox for Android doesn't protect master password screen with FLAG_SECURE2018-09-16
Bugzilla
chromium: various flaws [fedora-all]2017-06-06
Bugzilla
CVE-2017-5082 chromium-browser: insufficient hardening in credit card editor2017-06-06