CVE-2017-5022

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 56.0.2924.76 for Linux, Windows and Mac Google Chrome version 56.0.2924.87 for Android Opera (affected versions not specified)

Description The issue is related to the Blink component in Google Chrome, which failed to properly enforce the content security policy for unsafe-inline content. This allowed a remote attacker to bypass the content security policy using a specially crafted HTML page. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For Google Chrome versions prior to 56.0.2924.76 for Linux, Windows and Mac, update to version 56.0.2924.76 or later. For Google Chrome version 56.0.2924.87 for Android, update to a later version. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to potentially vulnerable unsafe-inline content to minimize the risk of exploitation.