Insufficient Sanitization of DevTools URLs in Google Chrome for Windows Allows Remote Filesystem Reading via Malicious Extension

CVE-2017-5011 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
