CVE-2016-5186 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

5.3MEDIUMNVD

OSV7.5

EPSS

0.3%

top 44.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 18

Latest updateMay 14

Description

Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

▶NVDgoogle/chrome53.0.2785.143

🔴Vulnerability Details

GHSA

GHSA-3gjx-83h4-mg3w: Devtools in Google Chrome prior to 54↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2016-11-02

▶

OSV

CVE-2016-5186: Devtools in Google Chrome prior to 54↗2016-10-17

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-11-02

▶

Red Hat

chromium-browser: out of bounds read in devtools↗2016-10-12

▶

💬Community

Bugzilla

CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 chro↗2016-10-13

▶

Bugzilla

CVE-2016-5186 chromium-browser: out of bounds read in devtools↗2016-10-13

▶