CVE-2017-5042

Published: Apr 24, 2017Modified: May 13, 2026

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

Affected (7)

Products: Google: Chrome · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Debian: Debian Linux

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Google Chrome	Up to 57.0.2987.75

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Up to 57.0.2987.100

Running on/with	Platform Versions
Google Android	All versions

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (12)

http://rhn.redhat.com/errata/RHSA-2017-0499.html

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2017/dsa-3810

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/96767

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

https://crbug.com/671932

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201704-02

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2017-0499.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2017/dsa-3810

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/96767

Source: af854a3a-2127-422b-91ae-364da2661108

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/671932

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201704-02

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.