Out of Bounds Memory Read Vulnerability in Google Chrome for Multiple Platforms
CVE-2016-5185

8.8HIGH

Key Information:

Vendor

Google
Status
Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Vendor
CVE Published:
18 December 2016

What is CVE-2016-5185?

A vulnerability in the Blink rendering engine of Google Chrome allows remote attackers to exploit crafted HTML pages for an out of bounds memory read. This occurs due to improper handling of the FrameView::updateLifecyclePhasesInternal() function, which permits reentrance under certain conditions. Users running versions of Google Chrome prior to 54.0.2840.59 on Windows, Mac, and Linux, or 54.0.2840.85 on Android, are particularly at risk, as this flaw can potentially lead to unauthorized disclosure of sensitive information.

Affected Version(s)

Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android

References

http://www.securityfocus.com/bid/93528
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-2067.html
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201610-09
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.