CVE-2017-5081 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-5081 Interim 1 23 2023-12-09T01:08:18Z current 2021-05-30T13:51:45Z 2023-12-09T01:08:18Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-5081 Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TLUTJG74MKQQNV4B46JHCB7CCFA5AHGM/#TLUTJG74MKQQNV4B46JHCB7CCFA5AHGM E-Mail link for openSUSE-SU-2017:1501-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKZE63LEN77JSLVLIISIQUKH4RZFGZIS/#QKZE63LEN77JSLVLIISIQUKH4RZFGZIS E-Mail link for openSUSE-SU-2017:1502-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SP2 openSUSE Leap 15.0 openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed chromedriver-59.0.3071.86-20.1 chromedriver-93.0.4577.82-1.1 chromium-101.0.4951.64-bp154.1.2 chromium-59.0.3071.86-20.1 chromium-66.0.3359.170-lp150.1.1 chromium-83.0.4103.97-lp152.1.1 chromium-90.0.4430.212-bp153.1.1 chromium-93.0.4577.82-1.1 ungoogled-chromium-113.0.5672.92-1.1 ungoogled-chromium-chromedriver-113.0.5672.92-1.1 chromedriver-59.0.3071.86-20.1 as a component of SUSE Package Hub 12 SP2 chromium-59.0.3071.86-20.1 as a component of SUSE Package Hub 12 SP2 chromium-66.0.3359.170-lp150.1.1 as a component of openSUSE Leap 15.0 chromium-83.0.4103.97-lp152.1.1 as a component of openSUSE Leap 15.2 chromium-90.0.4430.212-bp153.1.1 as a component of openSUSE Leap 15.3 chromium-101.0.4951.64-bp154.1.2 as a component of openSUSE Leap 15.4 chromedriver-93.0.4577.82-1.1 as a component of openSUSE Tumbleweed chromium-93.0.4577.82-1.1 as a component of openSUSE Tumbleweed ungoogled-chromium-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed ungoogled-chromium-chromedriver-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. CVE-2017-5081 SUSE Package Hub 12 SP2:chromedriver-59.0.3071.86-20.1 SUSE Package Hub 12 SP2:chromium-59.0.3071.86-20.1 openSUSE Leap 15.0:chromium-66.0.3359.170-lp150.1.1 openSUSE Leap 15.2:chromium-83.0.4103.97-lp152.1.1 openSUSE Leap 15.3:chromium-90.0.4430.212-bp153.1.1 openSUSE Leap 15.4:chromium-101.0.4951.64-bp154.1.2 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 openSUSE Tumbleweed:ungoogled-chromium-113.0.5672.92-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-113.0.5672.92-1.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N