CVE-2017-5101 - OpenCVE

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Google	Chrome
Microsoft	Windows
Debian	Debian Linux
Redhat	Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server
Linux	Linux Kernel
Apple	Macos

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3926
http://www.securityfocus.com/bid/99950
https://access.redhat.com/errata/RHSA-2017:1833
https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
https://crbug.com/681740
https://security.gentoo.org/glsa/201709-15

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2017-10-27T05:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2017-01-02T00:00:00

Link: CVE-2017-5101

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-27T05:29:01.940

Modified: 2023-11-07T02:49:06.713

Link: CVE-2017-5101

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", "vendor": "n/a", "versions": [{"status": "affected", "version": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac"}]}], "datePublic": "2017-07-25T00:00:00", "descriptions": [{"lang": "en", "value": "Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Inappropriate implementation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://crbug.com/681740"}, {"name": "GLSA-201709-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-15"}, {"name": "DSA-3926", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3926"}, {"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"}, {"name": "99950", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99950"}, {"name": "RHSA-2017:1833", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1833"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2017-5101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", "version": {"version_data": [{"version_value": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Inappropriate implementation"}]}]}, "references": {"reference_data": [{"name": "https://crbug.com/681740", "refsource": "MISC", "url": "https://crbug.com/681740"}, {"name": "GLSA-201709-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-15"}, {"name": "DSA-3926", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3926"}, {"name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"}, {"name": "99950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99950"}, {"name": "RHSA-2017:1833", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1833"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5101", "datePublished": "2017-10-27T05:00:00", "dateReserved": "2017-01-02T00:00:00", "dateUpdated": "2018-01-04T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E6FC5B1-DB09-4BF0-88CA-E5E2C42FAA37", "versionEndIncluding": "60.0.3112.78", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page."}, {"lang": "es", "value": "Una implementaci\u00f3n incorrecta en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permit\u00eda que un atacante remoto suplantase el contenido de Omnibox mediante una p\u00e1gina HTML manipulada."}], "id": "CVE-2017-5101", "lastModified": "2023-11-07T02:49:06.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-27T05:29:01.940", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2017/dsa-3926"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/99950"}, {"source": "chrome-cve-admin@google.com", "url": "https://access.redhat.com/errata/RHSA-2017:1833"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/681740"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201709-15"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}