CVE-2017-5085 — Cross-site Scripting in Google Chrome

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 36.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedOct 27

Latest updateMay 14

Description

Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDgoogle/chrome58.0.3029

🔴Vulnerability Details

GHSA

GHSA-hm49-rqj7-m4mp: Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain ope↗2022-05-14

▶

OSV

CVE-2017-5085: Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain ope↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: inappropriate javascript execution on webui pages↗2017-06-05

▶

💬Community

Bugzilla

chromium: various flaws [fedora-all]↗2017-06-06

▶

Bugzilla

CVE-2017-5085 chromium-browser: inappropriate javascript execution on webui pages↗2017-06-06

▶