Out of Bounds Memory Read Vulnerability in Google Chrome for Multiple Platforms
CVE-2016-5190

6.3MEDIUM

Key Information:

Vendor

Google
Status
Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Vendor
CVE Published:
18 December 2016

What is CVE-2016-5190?

Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux, and prior to 54.0.2840.85 for Android, suffer from a flaw in handling object lifecycles during application shutdown. This oversight allows a remote attacker to exploit the vulnerability by crafting malicious HTML content, resulting in an out of bounds memory read. The exploitation exposes sensitive information, potentially compromising user data and system security.

Affected Version(s)

Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android

References

http://www.securityfocus.com/bid/93528
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-2067.html
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201610-09
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.