Remote Code Execution Vulnerability in Google Chrome for Android
CVE-2016-5197

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 54.0.2840.85 For Android
Vendor
CVE Published:
19 January 2017

Summary

The content view client in Google Chrome for Android prior to version 54.0.2840.85 exhibits insufficient validation of intent URLs. This flaw allows an attacker, who has compromised the renderer process, to initiate arbitrary activities on a user's device through a specially crafted HTML page, potentially leading to unauthorized access or data manipulation.

Affected Version(s)

Google Chrome prior to 54.0.2840.85 for Android Google Chrome prior to 54.0.2840.85 for Android

References

https://chromereleases.googleblog.com/2016/10/chrome-for-...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94078
vdb-entryx_refsource_BID
https://crbug.com/659477
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.