Medium severity4.3NVD Advisory· Published Oct 27, 2017· Updated May 13, 2026

CVE-2017-5075

Description

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page.

Affected products

N/A/Google Chrome Prior To 59.0.3071.86 For Linux, Windows And Mac, And 59.0.3071.92 For Androidv5
Range: Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <59.0.3071.86
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000