Google applied a patch to fix this issue in Accessibility in version 98.0.4758.81. Exploitation of this issue required social engineering with specially crafted web pages.

CVE-2017-5715 In Google Photos prior to 5.5.47, when uploading an image containing a high density PDF file, XSS via a crafted filename was possible.

CVE-2017-5716 In Google Photos prior to 5.5.47, when viewing a multi-photo slide, XSS via a crafted URL was possible.

CVE-2017-5717 In Google Photos prior to 5.5.47, when viewing a slideshow with a long description, a click on a location outside the view could result in XSS via a crafted URL.

CVE-2017-5718 In Google Photos prior to 5.5.47, when a user views a slideshow with a long description, a click on a location outside the view could result in XSS via a crafted URL.

CVE-2017-5719 In Google Photos prior to 5.5.47, when a user views a slideshow with a long description, a click on a location outside the view could result in XSS via a crafted URL.

CVE-2017-5720 In Google Photos prior to 5.5.47, when a user views a slideshow with a long description and clicks

About Google Photos

Google Photos is a photo-sharing service developed by Google. The product is similar to Apple's iPhoto and Apple Photos, Amazon's Amazon Cloud Drive, and Microsoft's OneDrive photo services.
Google Photos enables users to store and organize their photos in the cloud, similar to Dropbox. It also provides automatic cloud storage of all photos taken with an Android device or by those who have signed up for Google Photos as part of their Google account. This service was created to help users back up their personal photographs and share them online without needing to worry about computer crashes or hard drive failures.

4.3.6

Some Android devices with a screen reader installed might not correctly announce the URL in an

Timeline

Published on: 04/05/2022 01:15:00 UTC
Last modified on: 04/08/2022 18:30:00 UTC

References