CVE-2017-5124

moderate-risk
Published 2018-02-07

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.

Do I need to act?

!
19.1% chance of exploitation in next 30 days
EPSS score — higher than 81% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
45867
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Debian Google

References (18)

http://www.securityfocus.com/bid/101482
https://access.redhat.com/errata/RHSA-2017:2997
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop....
https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404...
https://crbug.com/762930
https://github.com/Bo0oM/CVE-2017-5124
https://security.gentoo.org/glsa/201710-24
https://www.debian.org/security/2017/dsa-4020
https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve201751...
http://www.securityfocus.com/bid/101482
https://access.redhat.com/errata/RHSA-2017:2997
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop....
https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404...
https://crbug.com/762930
https://github.com/Bo0oM/CVE-2017-5124
https://security.gentoo.org/glsa/201710-24
https://www.debian.org/security/2017/dsa-4020
https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve201751...
46
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 14/34 · Moderate
Exposure 9/34 · Low