Описание
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 56.0.2924.76-0ubuntu2.1343 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [58.0.3029.81-0ubuntu0.14.04.1172]] |
| precise | ignored | |
| trusty | released | 58.0.3029.81-0ubuntu0.14.04.1172 |
| trusty/esm | DNE | trusty was released [58.0.3029.81-0ubuntu0.14.04.1172] |
| upstream | released | 56.0.2924.76 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 56.0.2924.76-0ubuntu0.16.04.1268 |
| yakkety | released | 56.0.2924.76-0ubuntu0.16.10.1335 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| esm-infra/xenial | not-affected | |
| precise | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid/stable-phone-overlay | not-affected | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
Уязвимость браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3