CVE-2017-5081
LOWGoogle Chrome <59.0.3071.86-59.0.3071.92 - Info Disclosure
Title source: llmDescription
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98861
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1399
Issue Tracking x_refsource_misc
https://crbug.com/672008
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038622
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201706-20
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
Scores
CVSS v3
3.3
EPSS
0.0034
EPSS Percentile
25.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (6)
debian/debian_linux
9.0
google/chrome
< 59.0.3071.86
n/a/Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android
Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_workstation
6.0
Published
Oct 27, 2017
Tracked Since
Feb 18, 2026