CVE-2016-5220Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 42.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 19
Latest updateMay 14

Description

PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome54.0.2840.99

🔴Vulnerability Details

2
GHSA
GHSA-hvwr-h8pg-6q6w: PDFium in Google Chrome prior to 552022-05-14
OSV
CVE-2016-5220: PDFium in Google Chrome prior to 552017-01-19

📋Vendor Advisories

1
Red Hat
chromium-browser: local file access in pdfium2016-12-01

💬Community

2
Bugzilla
chromium: various flaws [fedora-all]2016-12-02
Bugzilla
CVE-2016-5220 chromium-browser: local file access in pdfium2016-12-02