Memory Corruption Vulnerability in Google Chrome on Multiple Platforms
CVE-2016-5202

9.1CRITICAL

Key Information:

Vendor

Chromium-browser

Status
Chromium-browser
Vendor
CVE Published:
25 October 2019

What is CVE-2016-5202?

A memory corruption issue exists in Google Chrome that stems from improper handling of device IDs during an erase operation. Specifically, the browser fails to copy a device ID before executing an erase call, allowing the erase function to access and manipulate data that it subsequently erases. This flaw can result in unpredictable behavior, potentially leading to loss of sensitive information or exploitation avenues for malicious actors.

Affected Version(s)

chromium-browser before 54.0.2840.100

References

https://security-tracker.debian.org/tracker/CVE-2016-5202
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5202
x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5202
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.