CVE-2017-5096 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedOct 27

Latest updateMay 14

Description

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDgoogle/chrome< 60.0.3112.78

🔴Vulnerability Details

GHSA

GHSA-wxgx-3g3w-469v: Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60↗2022-05-14

▶

OSV

CVE-2017-5096: Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: user information leak via android intents↗2017-07-25

▶

💬Community

Bugzilla

CVE-2017-5096 chromium-browser: user information leak via android intents↗2017-07-26

▶

Bugzilla

chromium: various flaws [fedora-all]↗2017-07-26

▶