CVE-2017-5081

LOW

Google Chrome <59.0.3071.86-59.0.3071.92 - Info Disclosure

Title source: llm
STIX 2.1

Description

Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98861
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1399
Issue Tracking x_refsource_misc
https://crbug.com/672008
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038622
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201706-20

Scores

CVSS v3 3.3
EPSS 0.0034
EPSS Percentile 25.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (6)
debian/debian_linux 9.0
google/chrome < 59.0.3071.86
n/a/Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Oct 27, 2017
Tracked Since Feb 18, 2026