CVE-2017-5033

Summary

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.

Affected Software

VendorProductVersion RangeStatus
n/aGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for AndroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Androidaffected

Weaknesses

  • insufficient policy enforcement

ADP Enrichment

CVE Program Container

Additional References

References