Heap Use After Free in Google Chrome Versions Prior to 55.0.2883.75
CVE-2016-5219

6.3MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 55.0.2883.75 For Mac, Windows And Linux, And 55.0.2883.84 For Android
Vendor
CVE Published:
19 January 2017

Summary

This vulnerability involves a heap use after free condition in the V8 JavaScript engine used by Google Chrome. The issue allows attackers to potentially exploit heap corruption through specially crafted HTML pages, leading to potential arbitrary code execution. The flaw affects various operating system versions of Google Chrome, including Mac, Windows, Linux, and Android, up to specified versions. Users are advised to update their browsers to mitigate the risks associated with this vulnerability.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android

References

https://crbug.com/657568
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2919.html
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/94633
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.