CVE-2016-5196Google Chrome vulnerability

CWE-2542 documents2 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 19
Latest updateMay 17

Description

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDgoogle/chrome54.0.2840.68

🔴Vulnerability Details

1
GHSA
GHSA-qj3x-4qq5-763f: The content renderer client in Google Chrome prior to 542022-05-17