CVE-2017-5089

🗓️ 27 Oct 2017 05:00:00Reported by ChromeType

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name

Reporter	Title	Published	Views	Family All 62
ArchLinux	[ASA-201706-21] chromium: multiple issues	17 Jun 201700:00	–	archlinux
ArchLinux	[ASA-201707-4] qt5-webengine: multiple issues	4 Jul 201700:00	–	archlinux
Circl	CVE-2017-5089	11 Oct 202421:42	–	circl
CNVD	Google Chrome Omnibox Spoofing Vulnerability	23 Jun 201700:00	–	cnvd
Cvelist	CVE-2017-5089	27 Oct 201705:00	–	cvelist
Debian	[SECURITY] [DSA 3926-1] chromium-browser security update	4 Aug 201721:00	–	debian
Debian	[SECURITY] [DSA 3926-1] chromium-browser security update	4 Aug 201721:00	–	debian
Debian CVE	CVE-2017-5089	27 Oct 201705:00	–	debiancve
Tenable Nessus	Debian DSA-3926-1 : chromium-browser - security update	7 Aug 201700:00	–	nessus
Tenable Nessus	Fedora 26 : chromium (2017-01e4d46f23)	17 Jul 201700:00	–	nessus

NVD

Node

google chromeRange<59.0.3071.104

AND

apple macosMatch-

Node

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_workstationMatch6.0

[
  {
    "product": "Google Chrome prior to 59.0.3071.104 for Mac",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 59.0.3071.104 for Mac"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id/1038765
security	www.security.gentoo.org/glsa/201706-20
chromereleases	www.chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
crbug	www.crbug.com/714196
securityfocus	www.securityfocus.com/bid/99096
access	www.access.redhat.com/errata/RHSA-2017:1495
debian	www.debian.org/security/2017/dsa-3926

13 May 2026 00:24Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24.3

CVSS 3.16.5

EPSS0.00362

CWE-20