CVE-2017-5124
Summary
| CVE | CVE-2017-5124 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2018-02-07 23:29:00 UTC |
|---|
| Updated | 2023-11-07 02:49:00 UTC |
|---|
| Description | Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 4558c2885e618557a674660aff57404d25537070 - chromium/src - Git at Google |
MISC |
chromium.googlesource.com |
Vendor Advisory |
| Google Chrome Prior to 62.0.3202.62 Multiple Security Vulnerabilities |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| Chromium, Google Chrome: Multiple vulnerabilities (GLSA 201710-24) — Gentoo security |
|
security.gentoo.org |
|
| Debian -- Security Information -- DSA-4020-1 chromium-browser |
|
www.debian.org |
|
| GitHub - Bo0oM/CVE-2017-5124: Chrome < 62 uxss exploit (CVE-2017-5124) |
MISC |
github.com |
Third Party Advisory |
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
Third Party Advisory |
| 762930 -
chromium -
An open-source project to help move the web forward. -
Monorail |
MISC |
crbug.com |
Permissions Required |
| Chrome Releases: Stable Channel Update for Desktop |
|
chromereleases.googleblog.com |
|
| Chrome 61 UXSS exploit (CVE-2017-5124) : netsec |
|
www.reddit.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710358 Gentoo Linux Chromium, Google Chrome Multiple Vulnerabilities (GLSA 201710-24)
