alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Google Chrome XSS (CVE-2017-5124)"; flow:from_server,established; http.content_type; content:"multipart/related"; fast_pattern; startswith; file.data; content:"<xsl"; pcre:"/^((?!<\/xsl).)+?src\s*=\s*[\x27\x22](?P<loc>[^\x22\x27]+?)[\x27\x22].+?Content-Location\x3a\s+(?P=loc)/Rsi"; reference:cve,2017-5124; classtype:attempted-user; sid:2024996; rev:6; metadata:affected_product Google_Chrome, attack_target Client_Endpoint, created_at 2017_11_15, cve CVE_2017_5124, deployment Perimeter, performance_impact Low, signature_severity Major, tag Web_Client_Attacks, updated_at 2020_11_05;)