CVE-2017-5120 — Google Chrome vulnerability

6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 24.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedOct 27

Latest updateMay 13

Description

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (bu…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgoogle/chrome< 61.0.3163.79+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-qmqm-g7x7-xpcx: Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61↗2022-05-13

▶

OSV

CVE-2017-5120: Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: potential https downgrade during redirect navigation↗2017-09-05

▶

💬Community

Bugzilla

CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 chromium: various flaws [fedora-all]↗2017-09-06

▶

Bugzilla

CVE-2017-5120 chromium-browser: potential https downgrade during redirect navigation↗2017-09-06

▶