CVE-2016-5205

6.1MEDIUM

Key Information:

Vendor: Google
Status: Google Chrome Prior To 55.0.2883.75 For Linux, Windows And Mac
Vendor: CVE Published:; 19 January 2017

Summary

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac

References

http://rhn.redhat.com/errata/RHSA-2016-2919.html

vendor-advisoryx_refsource_REDHAT

https://crbug.com/646610

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94633

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 19, 2017
Vulnerability Reserved
May 31, 2016

Collectors

NVD DatabaseMitre Database