CVE-2016-5193 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation6 documents5 sources

Severity

4.3MEDIUMNVD

OSV3.3

EPSS

0.3%

top 49.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Irssi Google Chrome

Timeline

PublishedDec 18

Latest updateMay 14

Description

Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDgoogle/chrome53.0.2785.143

▶Ubuntuirssi/irssi< 0.8.15-5ubuntu3.1+1

🔴Vulnerability Details

GHSA

GHSA-8vpq-vv9q-59cq: Google Chrome prior to 54↗2022-05-14

▶

OSV

irssi vulnerabilities↗2017-02-01

▶

📋Vendor Advisories

Red Hat

chromium-browser: scheme bypass↗2016-10-12

▶

💬Community

Bugzilla

CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 chro↗2016-10-13

▶

Bugzilla

CVE-2016-5193 chromium-browser: scheme bypass↗2016-10-13

▶