CVE-2016-5222 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation8 documents6 sources

Severity

6.5MEDIUMNVD

OSV6.1

EPSS

0.3%

top 43.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 19

Latest updateMay 14

Description

Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDgoogle/chrome54.0.2840.99

🔴Vulnerability Details

GHSA

GHSA-w98r-9h82-6jxm: Incorrect handling of invalid URLs in Google Chrome prior to 55↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2016-12-09

▶

OSV

CVE-2016-5222: Incorrect handling of invalid URLs in Google Chrome prior to 55↗2016-12-06

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-12-09

▶

Red Hat

chromium-browser: address spoofing in omnibox↗2016-12-01

▶

💬Community

Bugzilla

chromium: various flaws [fedora-all]↗2016-12-02

▶

Bugzilla

CVE-2016-5222 chromium-browser: address spoofing in omnibox↗2016-12-02

▶