CVE-2017-5061 - OpenCVE

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Google	Chrome
Microsoft	Windows
Redhat	Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server
Linux	Linux Kernel
Apple	Macos

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/97939
http://www.securitytracker.com/id/1038317
https://access.redhat.com/errata/RHSA-2017:1124
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
https://crbug.com/672847
https://security.gentoo.org/glsa/201705-02

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2017-10-27T05:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2017-01-02T00:00:00

Link: CVE-2017-5061

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-27T05:29:00.537

Modified: 2023-11-07T02:48:49.543

Link: CVE-2017-5061

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac", "vendor": "n/a", "versions": [{"status": "affected", "version": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac"}]}], "datePublic": "2017-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Race", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "RHSA-2017:1124", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1124"}, {"name": "GLSA-201705-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201705-02"}, {"name": "1038317", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038317"}, {"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/672847"}, {"name": "97939", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97939"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2017-5061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac", "version": {"version_data": [{"version_value": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Race"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:1124", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1124"}, {"name": "GLSA-201705-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201705-02"}, {"name": "1038317", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038317"}, {"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"}, {"name": "https://crbug.com/672847", "refsource": "MISC", "url": "https://crbug.com/672847"}, {"name": "97939", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97939"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5061", "datePublished": "2017-10-27T05:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2018-01-04T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE8D9B93-C713-498E-9B9A-5146018A975D", "versionEndExcluding": "58.0.3029.81", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."}, {"lang": "es", "value": "Una condici\u00f3n de carrera en navigation en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac, permit\u00eda que un atacante remoto suplantase el contenido de la Omnibox (barra de direcciones) mediante una p\u00e1gina HTML manipulada."}], "id": "CVE-2017-5061", "lastModified": "2023-11-07T02:48:49.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-27T05:29:00.537", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/97939"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1038317"}, {"source": "chrome-cve-admin@google.com", "url": "https://access.redhat.com/errata/RHSA-2017:1124"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/672847"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201705-02"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}