Google · Google Chrome · CVE-2017-15427
Name of the Vulnerable Software and Affected Versions:
Google Chrome versions prior to 63.0.3239.84
Description:
Insufficient policy enforcement in the Omnibox allows a socially engineered user to perform a self-XSS attack by dragging and dropping a `javascript:` URL into the URL bar.
Recommendations:
For versions prior to 63.0.3239.84, update to version 63.0.3239.84 or later to resolve the issue.