Heap Corruption in Google Chrome Due to Insufficient Bitmap Handling
CVE-2016-5182

8.8HIGH

Key Information:

Vendor

Google
Status
Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Vendor
CVE Published:
18 December 2016

What is CVE-2016-5182?

In Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux, and prior to 54.0.2840.85 for Android, a flaw was identified in the Blink rendering engine related to insufficient validation in bitmap handling. This vulnerability could enable a remote attacker to exploit the issue via specially crafted HTML pages, potentially leading to heap corruption. Such exploitation could compromise the integrity of the application, allowing unauthorized access or malicious disruptions.

Affected Version(s)

Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android

References

http://www.securityfocus.com/bid/93528
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-2067.html
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201610-09
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.