CVE-2017-5020

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android

Description The issue is caused by the lack of requirement for a user gesture for powerful download operations. This allows a remote attacker who convinces a user to install a malicious extension to execute arbitrary code via a crafted HTML page. The exploitation of this issue can enable remote attackers to install malicious extensions and execute arbitrary code using a specially crafted HTML page.

Recommendations For Google Chrome versions prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, update to version 56.0.2924.76 or later for Linux, Windows and Mac, and 56.0.2924.87 or later for Android to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability for Opera.