Launchpad.net

CVE 2017-5092

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

See the CVE page on Mitre.org for more details.