CVE-2017-5033

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 57.0.2987.98 for Mac, Windows, and Linux Google Chrome version 57.0.2987.108 for Android

Description The issue is related to the incorrect propagation of Content Security Policy (CSP) restrictions to local scheme pages in Blink, which is used by Google Chrome and Opera. This allowed a remote attacker to bypass the content security policy via a crafted HTML page, specifically related to the unsafe-inline keyword. The vulnerability enables remote attackers to circumvent the restrictions imposed by the content security policy, potentially leading to security breaches.

Recommendations For Google Chrome versions prior to 57.0.2987.98 on Mac, Windows, and Linux, update to version 57.0.2987.98 or later. For Google Chrome version 57.0.2987.108 on Android, update to a version later than 57.0.2987.108. As a temporary workaround, consider restricting the use of the unsafe-inline keyword in Content Security Policy definitions until a patch is applied.