cvedb.io
CVE-2017-5042
MEDIUM · CVSS 5.7
EPSS exploitation probability: 0%
Published 2017-04-24T23:59:00.597 · Last modified 2026-06-17T01:19:48.407

Summary

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

Affected products

google — chrome

Does this affect you?

Add your gear to cvedb and we'll alert you only when google ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.