CVE-2017-5082 - Vulnerability Details - OpenCVE

Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android Chrome
Redhat	Rhel Extras

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Supplementary
chromium-browser-0:59.0.3071.86-1.el6_9	cpe:/a:redhat:rhel_extras:6	RHSA-2017:1399	2017-06-06T00:00:00Z

No data.

References

Link	Providers
http://www.securityfocus.com/bid/98861
http://www.securitytracker.com/id/1038622
https://access.redhat.com/errata/RHSA-2017:1399
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
https://crbug.com/721579
https://nvd.nist.gov/vuln/detail/CVE-2017-5082
https://security.gentoo.org/glsa/201706-20
https://www.cve.org/CVERecord?id=CVE-2017-5082
https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2017-10-27T05:00:00.000Z

Updated: 2024-08-05T14:47:44.422Z

Reserved: 2017-01-02T00:00:00.000Z

Link: CVE-2017-5082

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-10-27T05:29:01.270

Modified: 2026-05-13T00:24:29.033

Link: CVE-2017-5082

Redhat

Severity : Low

Publid Date: 2017-06-05T00:00:00Z

Links: CVE-2017-5082 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Google Chrome prior to 59.0.3071.92 for Android", "vendor": "n/a", "versions": [{"status": "affected", "version": "Google Chrome prior to 59.0.3071.92 for Android"}]}], "datePublic": "2017-06-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Inappropriate implementation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "98861", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98861"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/721579"}, {"name": "RHSA-2017:1399", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1399"}, {"name": "1038622", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038622"}, {"name": "GLSA-201706-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-20"}, {"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"}, {"tags": ["x_refsource_MISC"], "url": "https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2017-5082", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Google Chrome prior to 59.0.3071.92 for Android", "version": {"version_data": [{"version_value": "Google Chrome prior to 59.0.3071.92 for Android"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Inappropriate implementation"}]}]}, "references": {"reference_data": [{"name": "98861", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98861"}, {"name": "https://crbug.com/721579", "refsource": "MISC", "url": "https://crbug.com/721579"}, {"name": "RHSA-2017:1399", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1399"}, {"name": "1038622", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038622"}, {"name": "GLSA-201706-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-20"}, {"name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"}, {"name": "https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082/", "refsource": "MISC", "url": "https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:44.422Z"}, "title": "CVE Program Container", "references": [{"name": "98861", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98861"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/721579"}, {"name": "RHSA-2017:1399", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1399"}, {"name": "1038622", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038622"}, {"name": "GLSA-201706-20", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201706-20"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082/"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2017-5082", "datePublished": "2017-10-27T05:00:00.000Z", "dateReserved": "2017-01-02T00:00:00.000Z", "dateUpdated": "2024-08-05T14:47:44.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "942DEDE8-09D5-4567-96CB-5552BB5DCA8E", "versionEndExcluding": "59.0.3071.92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page."}, {"lang": "es", "value": "Un fallo a la hora de aprovechar las mitigaciones disponibles en el autocompletado de tarjeta de cr\u00e9dito en Google Chrome, en versiones anteriores a la 59.0.3071.92 para Android, permit\u00eda que un atacante local realizase capturas de pantalla de linformaci\u00f3n de tarjetas de cr\u00e9dito mediante una p\u00e1gina HTML manipulada."}], "id": "CVE-2017-5082", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-27T05:29:01.270", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/98861"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1038622"}, {"source": "chrome-cve-admin@google.com", "url": "https://access.redhat.com/errata/RHSA-2017:1399"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/721579"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201706-20"}, {"source": "chrome-cve-admin@google.com", "url": "https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/721579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201706-20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082/"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}