UBUNTU-CVE-2017-5033

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2017-5033
Downstream
USN-3236-1
Published: 10 Mar 2017, 00:00
Last modified:22 Apr 2026, 11:25

Vulnerability Summary

Overall Risk (default)
low
17/100
CVSS Score
4.3 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Mar 2017, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 11:25
Last Modified
Vulnerability information updated

Description

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.

CVSS Metrics

  • v3.1MEDIUMScore: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • v3.0MEDIUMScore: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Systems

  • ubuntuchromium-browser

    < 58.0.3029.81-0ubuntu0.14.04.1172 | < 57.0.2987.98-0ubuntu0.16.04.1276

  • ubuntuoxide-qt

    < 1.21.5-0ubuntu0.14.04.1 | < 1.21.5-0ubuntu0.16.04.1

References (4)