CVE-2016-5181
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
18/12/2016
Last modified:
12/04/2025
Description
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 53.0.2785.143 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://rhn.redhat.com/errata/RHSA-2016-2067.html
- http://www.securityfocus.com/bid/93528
- https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html
- https://codereview.chromium.org/2330843002
- https://crbug.com/645211
- https://security.gentoo.org/glsa/201610-09
- http://rhn.redhat.com/errata/RHSA-2016-2067.html
- http://www.securityfocus.com/bid/93528
- https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html
- https://codereview.chromium.org/2330843002
- https://crbug.com/645211
- https://security.gentoo.org/glsa/201610-09