CVE-2017-5042
N/A
N/A
Summary
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android | affected |
Weaknesses
- insufficient policy enforcement
ADP Enrichment
CVE Program Container
Additional References
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201704-02
- https://crbug.com/671932
- http://www.debian.org/security/2017/dsa-3810
- http://www.securityfocus.com/bid/96767
- http://rhn.redhat.com/errata/RHSA-2017-0499.html
References
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://security.gentoo.org/glsa/201704-02
- https://crbug.com/671932
- http://www.debian.org/security/2017/dsa-3810
- http://www.securityfocus.com/bid/96767
- http://rhn.redhat.com/errata/RHSA-2017-0499.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.