CVE-2016-5153 — Google Chrome vulnerability

CWE-198 documents6 sources
Severity
8.8HIGHNVD
OSV7.5
EPSS
1.7%
top 17.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeOpensuse Leap
Timeline
PublishedSep 11
Latest updateMay 14

Description

The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

â–¶NVDgoogle/chrome52.0.2743.116
â–¶NVDopensuse/leap42.1

🔴Vulnerability Details

3
GHSA
GHSA-h3m9-mwjj-3wg2: The Web Animations implementation in Blink, as used in Google Chrome before 53↗2022-05-14
â–¶
OSV
oxide-qt vulnerabilities↗2016-09-14
â–¶
OSV
CVE-2016-5153: The Web Animations implementation in Blink, as used in Google Chrome before 53↗2016-09-02
â–¶

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities↗2016-09-14
â–¶
Red Hat
chromium-browser: use after destruction in blink↗2016-08-31
â–¶

💬Community

2
Bugzilla
chromium: various flaws [fedora-all]↗2016-09-01
â–¶
Bugzilla
CVE-2016-5153 chromium-browser: use after destruction in blink↗2016-09-01
â–¶
CVE-2016-5153 — Google Chrome vulnerability | cvebase