CVE-2017-5120 : What You Need to Know

Learn about CVE-2017-5120, a Google Chrome vulnerability allowing attackers to downgrade HTTPS requests to HTTP. Find mitigation steps and affected versions here.

A vulnerability in Google Chrome versions prior to 61.0.3163.79 for Mac, Windows, and Linux, and prior to 61.0.3163.81 for Android, allowed attackers to downgrade HTTPS requests to HTTP through inappropriate use of www mismatch redirects in browser navigation.

Understanding CVE-2017-5120

This CVE involves inappropriate use of www mismatch redirects in Google Chrome's browser navigation.

What is CVE-2017-5120?

The vulnerability in Google Chrome versions earlier than 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android allowed attackers to potentially downgrade HTTPS requests to HTTP by manipulating browser navigation.

The Impact of CVE-2017-5120

The vulnerability could enable an attacker to create a customized HTML page to intercept HTTPS requests and transmit information in plain text, compromising user data security.

Technical Details of CVE-2017-5120

This section provides detailed technical information about the CVE.

Vulnerability Description

The flaw allowed attackers to exploit Chrome's use of www mismatch redirects in browser navigation, leading to the potential downgrade of secure HTTPS connections to unencrypted HTTP.

Affected Systems and Versions

        Google Chrome versions prior to 61.0.3163.79 for Mac, Windows, and Linux
        Google Chrome versions prior to 61.0.3163.81 for Android

Exploitation Mechanism

Attackers could create a customized HTML page to intercept HTTPS requests and manipulate browser navigation, tricking Chrome into transmitting data in plain text.

Mitigation and Prevention

Protecting systems from CVE-2017-5120 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update Google Chrome to version 61.0.3163.79 or later for Mac, Windows, and Linux, and 61.0.3163.81 or later for Android
        Avoid entering sensitive information on unsecured websites
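
To confirm the update step across a fleet, the following added example (not part of the original advisory or any vendor tooling) compares reported Chrome versions against the fixed versions listed on this page. The inventory rows, hostnames and function names are assumptions made for illustration; the version strings are in the form printed by `google-chrome --version`.

```python
import re

# Fixed versions as stated on this page for CVE-2017-5120.
FIXED = {
    "desktop": (61, 0, 3163, 79),   # Mac, Windows, Linux
    "android": (61, 0, 3163, 81),
}
DESKTOP = {"mac", "windows", "linux"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one inventory row."""
    platform = platform.strip().lower()
    key = "desktop" if platform in DESKTOP else platform
    version = parse_version(version_text)
    if key not in FIXED or version is None:
        return "unknown"  # surface for manual review; never assume patched
    # Tuple comparison is numeric per component, so 61.0.3163.100 > 61.0.3163.79
    # (a plain string comparison would get this wrong).
    return "vulnerable" if version < FIXED[key] else "patched"


def audit(inventory):
    """Map each host to its status; rows are (host, platform, version)."""
    return {host: assess(plat, ver) for host, plat, ver in inventory}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = [
    ("ws-001", "Windows", "Google Chrome 60.0.3112.113"),
    ("ws-002", "Linux", "Google Chrome 61.0.3163.100"),
    ("mb-003", "Mac", "61.0.3163.79"),
    ("ph-004", "Android", "61.0.3163.79"),
    ("ph-005", "Android", "61.0.3163.81"),
    ("ws-006", "Windows", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Note that the Android threshold differs from the desktop one, so a device reporting 61.0.3163.79 is patched on desktop but still flagged on Android.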

Long-Term Security Practices

        Regularly update browsers and security software
        Educate users on identifying secure websites and HTTPS protocols

Patching and Updates

        Apply security patches promptly
        Monitor vendor advisories for future updates and security recommendations
