UXSS Vulnerability in Google Chrome Affecting Multiple Platforms
CVE-2016-5191

6.1MEDIUM

Key Information:

Vendor

Google
Status
Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Vendor
CVE Published:
18 December 2016

What is CVE-2016-5191?

The vulnerability in Google Chrome involves insufficient validation of data in bookmark handling, allowing remote attackers to inject arbitrary scripts or HTML. This weakness can be exploited through crafted HTML pages, specifically by manipulating the interpretation of the userinfo and scheme parts of a URL. The issue primarily affects versions of Google Chrome across multiple platforms, including Windows, Mac, Linux, and Android. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android

References

https://codereview.chromium.org/2411473002
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93528
vdb-entryx_refsource_BID
https://crbug.com/639126
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.