Medium severity6.1NVD Advisory· Published Feb 7, 2018· Updated Jun 17, 2026
CVE-2017-5124
CVE-2017-5124
Description
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
< 93.0.4577.82-1.1+ 1 more
- (no CPE)range: < 93.0.4577.82-1.1
- (no CPE)range: < 63.0.3239.84-40.1
Patches
Vulnerability mechanics
References
8- www.securityfocus.com/bid/101482nvd
- access.redhat.com/errata/RHSA-2017:2997nvd
- chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.htmlnvd
- chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070nvd
- crbug.com/762930nvd
- security.gentoo.org/glsa/201710-24nvd
- www.debian.org/security/2017/dsa-4020nvd
- www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve20175124/nvd
News mentions
0No linked articles in our index yet.