CVE-2016-5198
Published: 2017-01-19
Priority P182 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW
CISA Known Exploited Vulnerability, due 2022-06-22
Exploited in the wild
EPSS: 34.70% (98.2th percentile)
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | chrome | < 54.0.2840.90 | 54.0.2840.90 |
| google | chrome | < 54.0.2840.85 | 54.0.2840.85 |
| google | chrome | < 54.0.2840.87 | 54.0.2840.87 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
Detection & IOCs (extracted from sources)
- Exploitation is triggered via a crafted HTML page delivered remotely; monitor for suspicious renderer process behavior in Chrome/Chromium versions prior to 54.0.2840.90 (Linux), 54.0.2840.87 (Windows/Mac), and 54.0.2840.85 (Android).
- The vulnerability resides in the V8 JavaScript engine's optimization logic (incorrect optimisation assumptions); focus detection on anomalous V8 JIT compiler behavior or out-of-bounds memory access patterns within the renderer sandbox.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation; prioritize detection across all Chromium-based browsers (Google Chrome, Microsoft Edge, Opera) running affected versions.
- Track the upstream Chromium issue tracker bug ID 659475 for any published proof-of-concept or exploit samples associated with this CVE.
- Affected version thresholds differ by platform: patch versions are 54.0.2840.90 (Linux), 54.0.2840.87 (Windows/Mac), and 54.0.2840.85 (Android); version-based detection rules must account for all three thresholds.
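A version check that applies the three per-platform thresholds listed above to Chrome User-Agent strings. This is an added example, not part of the original page; the function names and the sample User-Agent strings are constructed for illustration, and treating Chrome OS as "unknown" is an assumption because the page lists no threshold for it.

```python
import re

# Fixed-in versions per platform, taken from the advisory text on this page.
FIXED = {
    "android": (54, 0, 2840, 85),
    "linux": (54, 0, 2840, 90),
    "windows": (54, 0, 2840, 87),
    "mac": (54, 0, 2840, 87),
}
# Matches Chrome and Chromium-based browsers (Edge, Opera keep a Chrome/ token).
# Chrome on iOS reports CriOS/ instead and is deliberately not matched.
CHROME_RE = re.compile(r"\bChrome/(\d+)\.(\d+)\.(\d+)\.(\d+)")

def platform_of(ua):
    """Map a User-Agent string to a key of FIXED, or None if not covered."""
    if "CrOS" in ua:          # assumption: no Chrome OS threshold on the page
        return None
    if "Android" in ua:       # must come first: Android UAs also contain "Linux"
        return "android"
    if "Windows NT" in ua:
        return "windows"
    if "Macintosh" in ua:
        return "mac"
    if "Linux" in ua:
        return "linux"
    return None

def classify(ua):
    """Return 'vulnerable', 'patched' or 'unknown' for one User-Agent string."""
    match = CHROME_RE.search(ua)
    plat = platform_of(ua)
    if match is None or plat is None:
        return "unknown"
    version = tuple(int(part) for part in match.groups())
    return "vulnerable" if version < FIXED[plat] else "patched"

# Constructed sample User-Agent strings (not taken from any real log).
SAMPLES = {
    "android_85": "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Mobile Safari/537.36",
    "linux_87": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36",
    "windows_87": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36",
    "opera_win_59": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36 OPR/41.0.2353.46",
    "ios_crios": "Mozilla/5.0 (iPhone; CPU iPhone OS 10_1 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) CriOS/54.0.2840.66 Mobile/14B72 Safari/602.1",
}

if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        print(name, classify(ua))
```

The User-Agent header is client-supplied, so use this as a triage signal over proxy or web logs and confirm against endpoint software inventory.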
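CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |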
CISA
Google Chromium V8 Out-of-Bounds Memory Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2016-5198 [HIGH] CWE-125 Google Chromium V8 Out-of-Bounds Memory Vulnerability
Vulnerability: Google Chromium V8 Out-of-Bounds Memory Vulnerability
Affected: Google Chromium V8
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-5198
Remediation Due Date: 2022-06-22
Ubuntu
Oxide vulnerabilities
vendor_ubuntu·2016-12-01·CVSS 8.8
CVE-2016-5198 [HIGH] Oxide vulnerabilities
Title: Oxide vulnerabilities
Summary: Several security issues were fixed in Oxide.
Multiple security vulnerabilities were discovered in Chromium. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5198, CVE-2016-5200, CVE-2016-5202)
A heap-corruption issue was discovered in FFmpeg. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5199)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
chromium-browser: out of bounds memory access in v8
vendor_redhat·2016-11-01·CVSS 8.8
CVE-2016-5198 [HIGH] chromium-browser: out of bounds memory access in v8
chromium-browser: out of bounds memory access in v8
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
GHSA
GHSA-cpfm-2p8w-wrxc: V8 in Google Chrome prior to 54
ghsa_unreviewed·2022-05-14
CVE-2016-5198 [HIGH] CWE-125 GHSA-cpfm-2p8w-wrxc: V8 in Google Chrome prior to 54
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
OSV
oxide-qt vulnerabilities
osv·2016-12-01·CVSS 8.8
CVE-2016-5198 [HIGH] oxide-qt vulnerabilities
oxide-qt vulnerabilities
Multiple security vulnerabilities were discovered in Chromium. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5198, CVE-2016-5200, CVE-2016-5202)
A heap-corruption issue was discovered in FFmpeg. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5199)
OSV
CVE-2016-5198: V8 in Google Chrome prior to 54
osv·2016-11-08·CVSS 8.8
CVE-2016-5198 [HIGH] CVE-2016-5198: V8 in Google Chrome prior to 54
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
VulnCheck
Google Chromium V8 Out-of-Bounds Memory Vulnerability
vulncheck·2016·CVSS 8.8
CVE-2016-5198 [HIGH] CWE-125 Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply updates per vendor instructions.
Exploitation References: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Remediation Due: 2022-06-22
No detection rules found.
No public exploits indexed.
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Cyber Threats
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi · Dec 05, 2024
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primarily
Bugzilla
CVE-2016-5198 chromium-browser: out of bounds memory access in v8
bugzilla·2016-11-03·CVSS 8.8
CVE-2016-5198 [HIGH] CVE-2016-5198 chromium-browser: out of bounds memory access in v8
CVE-2016-5198 chromium-browser: out of bounds memory access in v8
An out of bounds memory access flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=659475
External References:
https://googlechromereleases.blogspot.com/2016/11/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1391358]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2016:2672 https://rhn.redhat.com/errata/RHSA-2016-2672.html
Bugzilla
CVE-2016-5198 chromium: chromium-browser: out of bounds memory access in v8 [fedora-all]
bugzilla·2016-11-03·CVSS 8.8
CVE-2016-5198 [HIGH] CVE-2016-5198 chromium: chromium-browser: out of bounds memory access in v8 [fedora-all]
CVE-2016-5198 chromium: chromium-browser: out of bounds memory access in v8 [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
- http://rhn.redhat.com/errata/RHSA-2016-2672.html
- http://www.securityfocus.com/bid/94079
- http://www.securitytracker.com/id/1037224
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
- https://crbug.com/659475
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5198
Published: 2017-01-19
Added to CISA KEV: 2022-06-08
Exploited in the wild