Use After Free Vulnerability in Google Chrome Affecting Multiple Platforms
CVE-2016-5215

6.3MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 55.0.2883.75 For Mac, Windows And Linux, And 55.0.2883.84 For Android
Vendor
CVE Published:
19 January 2017

Summary

A use after free vulnerability exists in the webaudio component of Google Chrome prior to version 55.0.2883.75 for desktop and prior to 55.0.2883.84 for Android. This flaw allows a remote attacker to leverage a specially crafted HTML page to perform an out of bounds memory read, which can lead to potential code execution or exposure of sensitive data. Users are encouraged to upgrade to the latest version of Chrome to mitigate the risk associated with this vulnerability.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android

References

http://rhn.redhat.com/errata/RHSA-2016-2919.html
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/94633
vdb-entryx_refsource_BID
https://chromereleases.googleblog.com/2016/12/stable-chan...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.