Navigation Spoofing in Google Chrome for Multiple Platforms
CVE-2016-5189

6.5MEDIUM

Key Information:

Vendor

Google
Status
Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Vendor
CVE Published:
18 December 2016

What is CVE-2016-5189?

A vulnerability in Google Chrome prior to version 54.0.2840.59 for Windows, Mac, and Linux, and version 54.0.2840.85 for Android, arises from the browser's handling of blob URLs with non-canonical origins. This flaw can be exploited by remote attackers to manipulate and spoof the contents displayed in the Omnibox (URL bar) by delivering specially crafted HTML pages, posing a significant risk for users who rely on secure browsing.

Affected Version(s)

Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android

References

https://crbug.com/646278
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93528
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-2067.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.