Lucene search

K
cvelistChromeCVELIST:CVE-2017-5033
HistoryApr 24, 2017 - 11:00 p.m.

CVE-2017-5033

2017-04-2423:00:00
Chrome
www.cve.org
8

AI Score

5

Confidence

Low

EPSS

0.007

Percentile

79.6%

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.

CNA Affected

[
  {
    "product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
      }
    ]
  }
]