CVE-2017-5033

Priority
Medium
Description
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
and 57.0.2987.108 for Android failed to correctly propagate CSP
restrictions to local scheme pages, which allowed a remote attacker to
bypass content security policy via a crafted HTML page.
References
Package
Upstream:released (57.0.2987.98)
Ubuntu 17.10 (Artful Aardvark):released (57.0.2987.98-0ubuntu1.1348)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored)
Ubuntu 14.04 LTS (Trusty Tahr):released (58.0.3029.81-0ubuntu0.14.04.1172)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (57.0.2987.98-0ubuntu0.16.04.1276)
Ubuntu 16.10 (Yakkety Yak):released (57.0.2987.98-0ubuntu0.16.10.1344)
Ubuntu 17.04 (Zesty Zapus):released (57.0.2987.98-0ubuntu1.1348)
Package
Upstream:released (1.21.5)
Ubuntu 17.10 (Artful Aardvark):released (1.21.5-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.21.5-0ubuntu0.14.04.1)
Ubuntu Touch 15.04:ignored (reached end-of-life)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.21.5-0ubuntu0.16.04.1)
Ubuntu 16.10 (Yakkety Yak):released (1.21.5-0ubuntu0.16.10.1)
Ubuntu 17.04 (Zesty Zapus):released (1.21.5-0ubuntu1)
More Information

Updated: 2017-06-15 16:17:58 UTC (commit 12747)