CVE-2017-5033

NameCVE-2017-5033
DescriptionBlink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3810-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcewheezy(unfixed)end-of-life
chromium-browsersourcejessie57.0.2987.98-1~deb8u1DSA-3810-1
chromium-browsersource(unstable)57.0.2987.98-1

Notes

[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)

Search for package or bug name: Reporting problems