CVE-2017-5081

EUVD-2017-14190
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
< 59.0.3071.86
debiandebian_linux
9.0
googlechrome
𝑥
< 59.0.3071.92
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
artful
Fixed 59.0.3071.109-0ubuntu1.1360
released
bionic
Fixed 59.0.3071.109-0ubuntu1.1360
released
cosmic
Fixed 59.0.3071.109-0ubuntu1.1360
released
trusty
Fixed 59.0.3071.109-0ubuntu0.14.04.1186
released
xenial
Fixed 59.0.3071.109-0ubuntu0.16.04.1289
released
yakkety
Fixed 59.0.3071.109-0ubuntu0.16.10.1357
released
zesty
Fixed 59.0.3071.109-0ubuntu0.17.04.1360
released
oxide-qt
artful
ignored
bionic
dne
cosmic
dne
trusty
dne
xenial
ignored
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98861
http://www.securitytracker.com/id/1038622
https://access.redhat.com/errata/RHSA-2017:1399
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
https://crbug.com/672008
https://security.gentoo.org/glsa/201706-20
http://www.securityfocus.com/bid/98861
http://www.securitytracker.com/id/1038622
https://access.redhat.com/errata/RHSA-2017:1399
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
https://crbug.com/672008
https://security.gentoo.org/glsa/201706-20