CVE-2016-5198
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
Published
2017-01-19T05:59:00.213
Last Modified
2025-04-20T01:37:25.860
Status
Deferred
Source
[email protected]
Severity
CVSSv3.1: 8.8 (HIGH)
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
Exploitability Score
8.6
Impact Score
6.4
Weaknesses
-
Type: Primary
CWE-125
CWE-787
-
Type: Secondary
CWE-787
Affected Vendors & Products
References
-
http://rhn.redhat.com/errata/RHSA-2016-2672.html
Third Party Advisory
([email protected])
-
http://www.securityfocus.com/bid/94079
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securitytracker.com/id/1037224
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
Release Notes, Vendor Advisory
([email protected])
-
https://crbug.com/659475
Exploit, Issue Tracking
([email protected])
-
http://rhn.redhat.com/errata/RHSA-2016-2672.html
Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securityfocus.com/bid/94079
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securitytracker.com/id/1037224
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
Release Notes, Vendor Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://crbug.com/659475
Exploit, Issue Tracking
(af854a3a-2127-422b-91ae-364da2661108)