CVE-2016-1614Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure7 documents6 sources
Severity
4.3MEDIUMNVD
OSV7.6
EPSS
0.8%
top 26.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 25
Latest updateMay 17

Description

The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDgoogle/chrome47.0.2526.106

🔴Vulnerability Details

3
GHSA
GHSA-h4wm-f2h4-6p44: The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface2022-05-17
OSV
oxide-qt vulnerabilities2016-01-27
OSV
CVE-2016-1614: The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface2016-01-22

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-01-27
Red Hat
chromium-browser: information leak in Blink2016-01-20

💬Community

1
Bugzilla
CVE-2016-1614 chromium-browser: information leak in Blink2016-01-22