CVE-2016-5208Cross-site Scripting in Google Chrome

CWE-79Cross-site Scripting8 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 52.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 19
Latest updateMay 14

Description

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDgoogle/chrome54.0.2840.99

🔴Vulnerability Details

3
GHSA
GHSA-w2w4-fc9r-jgq5: Blink in Google Chrome prior to 552022-05-14
OSV
oxide-qt vulnerabilities2016-12-09
OSV
CVE-2016-5208: Blink in Google Chrome prior to 552016-12-06

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-12-09
Red Hat
chromium-browser: universal xss in blink2016-12-01

💬Community

2
Bugzilla
chromium: various flaws [fedora-all]2016-12-02
Bugzilla
CVE-2016-5208 chromium-browser: universal xss in blink2016-12-02