Medium severity4.3NVD Advisory· Published Apr 24, 2017· Updated Jun 17, 2026
CVE-2017-5033
CVE-2017-5033
Description
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- rhn.redhat.com/errata/RHSA-2017-0499.htmlnvd
- www.debian.org/security/2017/dsa-3810nvd
- www.securityfocus.com/bid/96767nvd
- chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.htmlnvd
- crbug.com/669086nvd
- security.gentoo.org/glsa/201704-02nvd
- twitter.com/Ma7h1as/status/907641276434063361nvd
News mentions
0No linked articles in our index yet.