CVE-2016-5207Cross-site Scripting in Google Chrome

CWE-79Cross-site Scripting8 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 54.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 19
Latest updateMay 14

Description

In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDgoogle/chrome54.0.2840.99

🔴Vulnerability Details

3
GHSA
GHSA-3p39-7f4w-92pm: In Blink in Google Chrome prior to 552022-05-14
OSV
oxide-qt vulnerabilities2016-12-09
OSV
CVE-2016-5207: In Blink in Google Chrome prior to 552016-12-06

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-12-09
Red Hat
chromium-browser: universal xss in blink2016-12-01

💬Community

2
Bugzilla
chromium: various flaws [fedora-all]2016-12-02
Bugzilla
CVE-2016-5207 chromium-browser: universal xss in blink2016-12-02