Medium severity6.1NVD Advisory· Published Feb 17, 2017· Updated Jun 17, 2026
CVE-2017-5020
CVE-2017-5020
Description
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coords2 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
< 93.0.4577.82-1.1+ 1 more
- (no CPE)range: < 93.0.4577.82-1.1
- (no CPE)range: < 56.0.2924.87-5.1
Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.