Vulnerability Description
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 58.0.3029.81 | |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Android | - | |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97939
- http://www.securitytracker.com/id/1038317
- https://access.redhat.com/errata/RHSA-2017:1124
- https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.
- https://crbug.com/690821
- https://security.gentoo.org/glsa/201705-02
- http://www.securityfocus.com/bid/97939
- http://www.securitytracker.com/id/1038317
- https://access.redhat.com/errata/RHSA-2017:1124
- https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.
- https://crbug.com/690821
- https://security.gentoo.org/glsa/201705-02
FAQ
What is CVE-2017-5066?
CVE-2017-5066 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacke...
How severe is CVE-2017-5066?
CVE-2017-5066 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5066?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Macos, Linux Linux Kernel, Microsoft Windows, Google Android.