Candidate: CVE-2017-5081
PublicDate: 2017-10-27 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5081
 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
Description:
 Lack of verification of an extension's locale folder in Google Chrome prior
 to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android,
 allowed an attacker with local write access to modify extensions by
 modifying extension files.
Ubuntu-Description:
Notes:
Bugs:
 https://crbug.com/672008
Priority: medium
Discovered-by: Andrey Kovalev
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N [3.3 LOW]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N [3.3 LOW]

Patches_chromium-browser:
upstream_chromium-browser: released (59.0.3071.86)
precise/esm_chromium-browser: DNE
trusty_chromium-browser: released (59.0.3071.109-0ubuntu0.14.04.1186)
trusty/esm_chromium-browser: DNE (trusty was released [59.0.3071.109-0ubuntu0.14.04.1186])
vivid/ubuntu-core_chromium-browser: DNE
vivid/stable-phone-overlay_chromium-browser: DNE
xenial_chromium-browser: released (59.0.3071.109-0ubuntu0.16.04.1289)
yakkety_chromium-browser: released (59.0.3071.109-0ubuntu0.16.10.1357)
zesty_chromium-browser: released (59.0.3071.109-0ubuntu0.17.04.1360)
artful_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)
bionic_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)
cosmic_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)
devel_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)

Patches_oxide-qt:
upstream_oxide-qt: needs-triage
precise/esm_oxide-qt: DNE
trusty_oxide-qt: ignored (Ubuntu touch end-of-life)
trusty/esm_oxide-qt: DNE (trusty was ignored [Ubuntu touch end-of-life])
vivid/ubuntu-core_oxide-qt: DNE
vivid/stable-phone-overlay_oxide-qt: ignored (reached end-of-life)
xenial_oxide-qt: ignored (Ubuntu touch end-of-life)
esm-infra/xenial_oxide-qt: ignored (Ubuntu touch end-of-life)
yakkety_oxide-qt: ignored (reached end-of-life)
zesty_oxide-qt: ignored (reached end-of-life)
artful_oxide-qt: ignored (reached end-of-life)
bionic_oxide-qt: DNE
cosmic_oxide-qt: DNE
devel_oxide-qt: DNE