Low severity3.3NVD Advisory· Published Oct 27, 2017· Updated May 13, 2026

CVE-2017-5081

Description

Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

Affected products

Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <59.0.3071.86
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98861nvd
www.securitytracker.com/id/1038622nvd
access.redhat.com/errata/RHSA-2017:1399nvd
chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.htmlnvd
crbug.com/672008nvd
security.gentoo.org/glsa/201706-20nvd

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000