CVE-2016-5212Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure8 documents6 sources
Severity
6.5MEDIUMNVD
OSV6.1
EPSS
0.4%
top 40.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 19
Latest updateMay 14

Description

Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome54.0.2840.99

🔴Vulnerability Details

3
GHSA
GHSA-pmxv-x7hh-7gg7: Google Chrome prior to 552022-05-14
OSV
oxide-qt vulnerabilities2016-12-09
OSV
CVE-2016-5212: Google Chrome prior to 552016-12-06

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-12-09
Red Hat
chromium-browser: local file disclosure in devtools2016-12-01

💬Community

2
Bugzilla
chromium: various flaws [fedora-all]2016-12-02
Bugzilla
CVE-2016-5212 chromium-browser: local file disclosure in devtools2016-12-02