QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-5110

Back to search

CVE-2017-5110

Published: Oct 27, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

VendorProductVersions

n/a

Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android

affected
Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android

References

GLSA-201709-15
vendor-advisory
x_refsource_GENTOO
DSA-3926
vendor-advisory
x_refsource_DEBIAN
99950
vdb-entry
x_refsource_BID
RHSA-2017:1833
vendor-advisory
x_refsource_REDHAT
https://crbug.com/717476
x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now