CVE-2017-5089

medium

Description

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

References

https://crbug.com/714196

https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html

https://security.gentoo.org/glsa/201706-20

http://www.securitytracker.com/id/1038765

http://www.securityfocus.com/bid/99096

http://www.debian.org/security/2017/dsa-3926

https://access.redhat.com/errata/RHSA-2017:1495

Details

Source: MITRE

Published: 2017-10-27

Updated: 2021-09-08

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
102210 | Debian DSA-3926-1 : chromium-browser - security update | Nessus | Debian Local Security Checks | high
101920 | Fedora 24 : qt5-qtwebengine (2017-98bed96d12) | Nessus | Fedora Local Security Checks | critical
101779 | Fedora 25 : qt5-qtwebengine (2017-a7a488d8d0) | Nessus | Fedora Local Security Checks | high
101583 | Fedora 26 : qt5-qtwebengine (2017-1e34da27f3) | Nessus | Fedora Local Security Checks | high
101558 | Fedora 26 : chromium (2017-01e4d46f23) | Nessus | Fedora Local Security Checks | high
101072 | Fedora 24 : chromium (2017-c2e1dc46a1) | Nessus | Fedora Local Security Checks | high
101038 | Fedora 25 : chromium (2017-e8a1e1e62a) | Nessus | Fedora Local Security Checks | high
100992 | Google Chrome < 59.0.3071.104 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | high
100991 | Google Chrome < 59.0.3071.104 Multiple Vulnerabilities | Nessus | Windows | high
100946 | GLSA-201706-20 : Chromium: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
100902 | RHEL 6 : chromium-browser (RHSA-2017:1495) | Nessus | Red Hat Local Security Checks | high
100862 | openSUSE Security Update : chromium (openSUSE-2017-701) | Nessus | SuSE Local Security Checks | high
100861 | FreeBSD : chromium -- multiple vulnerabilities (f53dd5cc-527f-11e7-a772-e8e0b747a45a) | Nessus | FreeBSD Local Security Checks | high
700135 | Google Chrome < 59.0.3071.104 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical