GCVE - cpe:2.3:a:n/a:google_chrome_prior_to_59.0.3071.86_for_linux,_windows_and

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:google_chrome_prior_to_59.0.3071.86_for_linux,_windows_and_mac:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Google Chrome Prior To 59.0.3071.86 For Linux, Windows And Mac (`72e2bf00-97e1-5cf6-b0b1-ff67d0fe351c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-5078`	vulnerable	2026-06-08 05:09:39.098276	Details available Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument. Published: 2017-10-27T05:00:00.000Z Updated: 2024-08-05T14:47:44.461Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/98861 https://crbug.com/711020 https://access.redhat.com/errata/RHSA-2017:1399 http://www.securitytracker.com/id/1038622 https://security.gentoo.org/glsa/201706-20	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.