PT-2017-3200 · Google+3 · Google Chrome+3

Publicado

2017-06-05

·

Atualizado

2024-06-15

·

CVE-2017-5085

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 59 for iOS
Description The issue is related to the inappropriate implementation in Bookmarks, allowing a remote attacker to run JavaScript on chrome:// pages via a crafted bookmark. This could be achieved if the attacker convinced the user to perform certain operations. The vulnerability is associated with the failure to protect the web page structure, potentially enabling a remote attacker to execute a JavaScript script on a chrome:// page using a specially crafted bookmark.
Recommendations For Google Chrome versions prior to 59 for iOS, update to version 59 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted bookmarks and restricting access to chrome:// pages to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2017-1713
BDU:2017-02632
CVE-2017-5085
MGASA-2017-0317
OPENSUSE-SU-2017:1501-1
OPENSUSE-SU-2017:1502-1
OPENSUSE-SU-2017_1502-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2017:1399
RHSA-2017_1399

Produtos afetados

Alt Linux
Google Chrome
Red Hat
Suse