cvedb.io
CVE-2017-5018
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2017-02-17T07:59:00.590 · Last modified 2026-06-17T01:19:45.220

Summary

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.

Affected products

google — chrome

Does this affect you?

Add your gear to cvedb and we'll alert you only when google ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.