XSS Vulnerability in Google Chrome for Windows, Linux, and Mac
CVE-2016-5226

6.1MEDIUM

Key Information:

Vendor

Google
Status
Google Chrome Prior To 55.0.2883.75 For Linux, Windows And Mac
Vendor
CVE Published:
19 January 2017

What is CVE-2016-5226?

The vulnerability allows a user to execute arbitrary JavaScript code by dragging and dropping a malicious 'javascript:' URL into the Google Chrome URL bar. This risks exposing sensitive information and could lead to various security exploits as the script executes within the context of the current tab. Users are encouraged to update Google Chrome to the latest version to mitigate this potential risk.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac

References

http://rhn.redhat.com/errata/RHSA-2016-2919.html
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/94633
vdb-entryx_refsource_BID
https://crbug.com/639750
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-5226 : XSS Vulnerability in Google Chrome for Windows, Linux, and Mac