Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-5033

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.

Related bugs and status

CVE-2017-5033 (Candidate) is related to these bugs:

Bug #1664147: Chromium on trusty too outdated; not supported by gmail

Summary				In	Importance	Status
	1664147	Chromium on trusty too outdated; not supported by gmail		chromium-browser (Ubuntu)	High	Fix Released

Bug #1673276: Improvements to Debian rules file

Summary				In	Importance	Status
	1673276	Improvements to Debian rules file		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://chromereleases...
CONFIRM: https://crbug.com/669086
BID: 96767
GENTOO: GLSA-201704-02
MISC: https://twitter.com/Ma...
DEBIAN: DSA-3810
REDHAT: RHSA-2017:0499