Vulnerability Description
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 59.0.3071.86 | |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Debian | Debian Linux | 9.0 |
| Android | - | |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98861
- http://www.securitytracker.com/id/1038622
- https://access.redhat.com/errata/RHSA-2017:1399
- https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.
- https://crbug.com/672008
- https://security.gentoo.org/glsa/201706-20
- http://www.securityfocus.com/bid/98861
- http://www.securitytracker.com/id/1038622
- https://access.redhat.com/errata/RHSA-2017:1399
- https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.
- https://crbug.com/672008
- https://security.gentoo.org/glsa/201706-20
FAQ
What is CVE-2017-5081?
CVE-2017-5081 is a vulnerability with a CVSS score of 3.3 (LOW). Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to mo...
How severe is CVE-2017-5081?
CVE-2017-5081 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5081?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Macos, Linux Linux Kernel, Microsoft Windows, Debian Debian Linux.