CVE-2016-5172 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 21.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Nodejs Node.js Debian Linux

Timeline

PublishedSep 25

Latest updateMay 14

Description

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/chrome53.0.2785.101

▶NVDnodejs/node.js6.0.0 — 6.8.1

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-9g2q-xpx4-5592: The parser in Google V8, as used in Google Chrome before 53↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2016-10-07

▶

OSV

CVE-2016-5172: The parser in Google V8, as used in Google Chrome before 53↗2016-09-25

▶

CVEList

CVE-2016-5172: The parser in Google V8, as used in Google Chrome before 53↗2016-09-25

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-10-07

▶

Red Hat

chromium-browser: arbitrary memory read in v8↗2016-09-13

▶

💬Community

Bugzilla

CVE-2016-5172 chromium-browser: arbitrary memory read in v8↗2016-09-14

▶

Bugzilla

CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 chromium: various flaws [fedora-all]↗2016-09-14

▶