1
Candidate: CVE-2017-5120
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5120
5
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html
7
Inappropriate use of www mismatch redirects in browser navigation in Google
8
Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81
9
for Android, allowed a remote attacker to potentially downgrade HTTPS
10
requests to HTTP via a crafted HTML page. In other words, Chrome could
11
transmit cleartext even though the user had entered an https URL, because
12
of a misdesigned workaround for cases where the domain name in a URL almost
13
matches the domain name in an X.509 server certificate (but differs in the
14
initial "www." substring).
19
Discovered-by: Xiaoyin Liu
22
Patches_chromium-browser:
23
upstream_chromium-browser: released (61.0.3163.79)
24
precise/esm_chromium-browser: DNE
25
trusty_chromium-browser: released (61.0.3163.100-0ubuntu0.14.04.1202)
26
vivid/ubuntu-core_chromium-browser: DNE
27
xenial_chromium-browser: released (61.0.3163.100-0ubuntu0.16.04.1306)
28
zesty_chromium-browser: released (61.0.3163.100-0ubuntu0.17.04.1377)
29
artful_chromium-browser: released (61.0.3163.100-0ubuntu1.1378)
30
bionic_chromium-browser: released (61.0.3163.100-0ubuntu1.1378)
31
devel_chromium-browser: released (61.0.3163.100-0ubuntu1.1378)
34
upstream_oxide-qt: needs-triage
35
precise/esm_oxide-qt: DNE
36
trusty_oxide-qt: needed
37
vivid/ubuntu-core_oxide-qt: DNE
38
xenial_oxide-qt: needs-triage
39
zesty_oxide-qt: ignored (reached end-of-life)
40
artful_oxide-qt: needs-triage