CVE-2017-5081
Publication date 27 October 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Lack of verification of an extension’s locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
Status
Package | Ubuntu Release | Status |
---|---|---|
chromium-browser | ||
18.04 LTS bionic |
Fixed 59.0.3071.109-0ubuntu1.1360
|
|
16.04 LTS xenial |
Fixed 59.0.3071.109-0ubuntu0.16.04.1289
|
|
14.04 LTS trusty |
Fixed 59.0.3071.109-0ubuntu0.14.04.1186
|
|
oxide-qt | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored Ubuntu touch end-of-life | |
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |