Heap Corruption Vulnerability in Google Chrome Affecting Multiple Platforms
CVE-2016-5184

8.8HIGH

Key Information:

Vendor

Google
Status
Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Vendor
CVE Published:
18 December 2016

What is CVE-2016-5184?

In Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux, and 54.0.2840.85 for Android, an issue in the PDFium library could lead to improper handling of object lifecycles in the CFFL_FormFillter::KillFocusForAnnot function. This flaw enables remote attackers to craft malicious PDF files that may exploit heap corruption, potentially allowing an attacker to execute arbitrary code or crash the application.

Affected Version(s)

Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android

References

https://crbug.com/630654
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93528
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-2067.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.