UXSS Vulnerability in Google Chrome for Linux, Windows, and Mac
CVE-2016-5205

6.1MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 55.0.2883.75 For Linux, Windows And Mac
Vendor
CVE Published:
19 January 2017

Summary

The vulnerability in Google Chrome prior to version 55.0.2883.75 arises from improper handling of deferred page loads by Blink, the browser's rendering engine. This flaw permits a remote attacker to execute arbitrary scripts or HTML content via specially crafted HTML pages, potentially compromising user data and session integrity.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac

References

http://rhn.redhat.com/errata/RHSA-2016-2919.html
vendor-advisoryx_refsource_REDHAT
https://crbug.com/646610
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94633
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.