PT-2017-1267 · Google+4 · Google Chrome+4

Published

2017-01-25

Updated

2024-06-15

CVE-2017-5020

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android

Description The issue is caused by the lack of requirement for a user gesture for powerful download operations. This allows a remote attacker who convinces a user to install a malicious extension to execute arbitrary code via a crafted HTML page. The exploitation of this issue can enable remote attackers to install malicious extensions and execute arbitrary code using a specially crafted HTML page.

Recommendations For Google Chrome versions prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, update to version 56.0.2924.76 or later for Linux, Windows and Mac, and 56.0.2924.87 or later for Android to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability for Opera.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2017-1150

BDU:2017-00381

CVE-2017-5020

DSA-3776-1

MGASA-2017-0111

OPENSUSE-SU-2017:0565-1

OPENSUSE-SU-2017_0499-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2017:0206

RHSA-2017_0206

Affected Products

Alt Linux

Google Chrome

Opera

Red Hat

Suse

PT-2017-1267 · Google+4 · Google Chrome+4

CVE-2017-5020

Weakness Enumeration

Related Identifiers

Affected Products

References · 2336