CVE-2017-5042 : Vulnerability Insights and Analysis

Learn about CVE-2017-5042, a vulnerability in Google Chrome versions prior to 57.0.2987.98 for Mac, Windows, and Linux, and 57.0.2987.108 for Android, allowing attackers to intercept plain-text cookies.

Google Chrome prior to version 57.0.2987.98 for Mac, Windows, and Linux, and 57.0.2987.108 for Android had a vulnerability that allowed attackers on the same local network segment to intercept plain-text cookies.

Understanding CVE-2017-5042

Before version 57.0.2987.98 of Google Chrome for Mac, Windows, and Linux and version 57.0.2987.108 for Android, a flaw existed where cookies were sent to websites found through SSDP, enabling attackers to monitor plain-text cookies.

What is CVE-2017-5042?

This CVE refers to a vulnerability in Google Chrome versions prior to 57.0.2987.98 for Mac, Windows, and Linux, and 57.0.2987.108 for Android. The flaw allowed attackers on the same local network segment to establish connections to any URLs and intercept plain-text cookies.

The Impact of CVE-2017-5042

The vulnerability in Google Chrome could be exploited by attackers on the local network to intercept sensitive information like plain-text cookies, potentially leading to unauthorized access to user accounts and sensitive data.

Technical Details of CVE-2017-5042

Google Chrome vulnerability details:

Vulnerability Description

The flaw in Chrome versions prior to 57.0.2987.98 for Mac, Windows, and Linux, and 57.0.2987.108 for Android allowed cookies to be sent to websites discovered via SSDP, enabling attackers to intercept plain-text cookies.

Affected Systems and Versions

        Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
        Google Chrome prior to 57.0.2987.108 for Android

Exploitation Mechanism

Attackers on the same local network segment could exploit the vulnerability to establish connections to arbitrary URLs and monitor any plain-text cookies sent, potentially compromising user privacy and security.

Mitigation and Prevention

Steps to address CVE-2017-5042:

Immediate Steps to Take

        Update Google Chrome to version 57.0.2987.98 for Mac, Windows, and Linux, and 57.0.2987.108 for Android
        Avoid using unsecured networks where attackers can intercept traffic

Long-Term Security Practices

        Use encrypted connections (HTTPS) to protect sensitive data
        Regularly monitor for security updates and apply patches promptly

Patching and Updates

        Google released patches to address the vulnerability, so ensure Chrome is updated to the latest secure version
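
The following Python check is an added example, not part of the original advisory or any vendor tooling. It triages a browser inventory against the fixed versions named above, comparing version components numerically. The inventory row format `(host, platform, version)`, the hostnames and the sample builds are constructed assumptions.

```python
import re

# Fixed versions as stated in the advisory text above.
DESKTOP_FIX = (57, 0, 2987, 98)
FIXED = {"mac": DESKTOP_FIX, "windows": DESKTOP_FIX, "linux": DESKTOP_FIX,
         "android": (57, 0, 2987, 108)}


def parse_version(text):
    """Parse a four-part Chrome version string into a tuple of ints."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(platform, version):
    """True if this Chrome build predates the fix for CVE-2017-5042."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        raise ValueError(f"platform not covered by the advisory: {platform!r}")
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "57.0.2987.110" below "57.0.2987.98".
    return parse_version(version) < fixed


def triage(inventory):
    """Split (host, platform, version) rows into affected, ok and unknown."""
    result = {"affected": [], "ok": [], "unknown": []}
    for host, platform, version in inventory:
        try:
            bucket = "affected" if is_affected(platform, version) else "ok"
        except ValueError:
            bucket = "unknown"  # surface for manual review instead of skipping
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and builds are illustrative).
SAMPLE = [
    ("ws-01", "Windows", "56.0.2924.87"),
    ("ws-02", "linux", "57.0.2987.98"),
    ("ws-03", "mac", "57.0.2987.110"),
    ("ph-01", "android", "57.0.2987.98"),
    ("ph-02", "android", "57.0.2987.108"),
    ("ws-04", "windows", "57.0.2987"),  # truncated version string
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rows that land in `unknown` have an unparseable version or a platform the advisory does not cover and need manual review.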
