CVE-2016-5226

6.1MEDIUM

Key Information:

Vendor: Google
Status: Google Chrome Prior To 55.0.2883.75 For Linux, Windows And Mac
Vendor: CVE Published:; 19 January 2017

Summary

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac

References

http://rhn.redhat.com/errata/RHSA-2016-2919.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/94633

vdb-entryx_refsource_BID

https://crbug.com/639750

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 19, 2017
Vulnerability Reserved
May 31, 2016

Collectors

NVD DatabaseMitre Database

.