CVE-2016-1618Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information ExposureCWE-310CWE-338Use of Cryptographically Weak Pseudo-Random Number Generator7 documents6 sources
Severity
6.5MEDIUMNVD
OSV7.6
EPSS
0.9%
top 24.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 25
Latest updateMay 17

Description

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome47.0.2526.106

🔴Vulnerability Details

3
GHSA
GHSA-xjgv-3xxv-376h: Blink, as used in Google Chrome before 482022-05-17
OSV
oxide-qt vulnerabilities2016-01-27
OSV
CVE-2016-1618: Blink, as used in Google Chrome before 482016-01-22

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-01-27
Red Hat
chromium-browser: weak random number generator in Blink2016-01-20

💬Community

1
Bugzilla
CVE-2016-1618 chromium-browser: weak random number generator in Blink2016-01-22