Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-5020

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.

Related bugs and status

CVE-2017-5020 (Candidate) is related to these bugs:

Bug #1664147: Chromium on trusty too outdated; not supported by gmail

Summary				In	Importance	Status
	1664147	Chromium on trusty too outdated; not supported by gmail		chromium-browser (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://chromereleases...
CONFIRM: https://crbug.com/668653
BID: 95792
GENTOO: GLSA-201701-66
SECTRACK: 1037718
DEBIAN: DSA-3776
REDHAT: RHSA-2017:0206