PT-2017-16292 · Google · Google Chrome
Rory Mcnamara
·
Published
2017-10-27
·
Updated
2019-10-03
·
CVE-2017-5084
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome OS versions prior to 59.0.3071.92
Description
The issue is related to an inappropriate implementation in the image-burner component. A local attacker could potentially read local files by sending dbus-send commands to a BurnImage D-Bus endpoint, specifically the "/org/chromium/flashrom/BurnImage" endpoint, using variables such as
dbus-send commands.Recommendations
For Google Chrome OS versions prior to 59.0.3071.92, update to version 59.0.3071.92 or later to resolve the issue.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome