PT-2017-3200 · Google+3 · Google Chrome+3

Published

2017-06-05

Updated

2024-06-15

CVE-2017-5085

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 59 for iOS

Description The issue is related to the inappropriate implementation in Bookmarks, allowing a remote attacker to run JavaScript on chrome:// pages via a crafted bookmark. This could be achieved if the attacker convinced the user to perform certain operations. The vulnerability is associated with the failure to protect the web page structure, potentially enabling a remote attacker to execute a JavaScript script on a chrome:// page using a specially crafted bookmark.

Recommendations For Google Chrome versions prior to 59 for iOS, update to version 59 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted bookmarks and restricting access to chrome:// pages to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2017-1713

BDU:2017-02632

CVE-2017-5085

MGASA-2017-0317

OPENSUSE-SU-2017:1501-1

OPENSUSE-SU-2017:1502-1

OPENSUSE-SU-2017_1502-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2017:1399

RHSA-2017_1399

Affected Products

Alt Linux

Google Chrome

Red Hat

Suse

PT-2017-3200 · Google+3 · Google Chrome+3

CVE-2017-5085

Weakness Enumeration

Related Identifiers

Affected Products

References · 2341