Medium severity4.3NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026
CVE-2017-5033
CVE-2017-5033
Description
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
Affected products
6cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- rhn.redhat.com/errata/RHSA-2017-0499.htmlnvd
- www.debian.org/security/2017/dsa-3810nvd
- www.securityfocus.com/bid/96767nvd
- chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.htmlnvd
- crbug.com/669086nvd
- security.gentoo.org/glsa/201704-02nvd
- twitter.com/Ma7h1as/status/907641276434063361nvd
News mentions
0No linked articles in our index yet.