CVE-2017-5099
Publication date 27 October 2017
Last updated 25 August 2025
Ubuntu priority
Description
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 60.0.3112.78-0ubuntu1.1363
|
|
| 16.04 LTS xenial |
Fixed 60.0.3112.78-0ubuntu0.16.04.1293
|
|
| 14.04 LTS trusty |
Fixed 60.0.3112.78-0ubuntu0.14.04.1190
|
|
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |