CVE-2016-5226 — Cross-site Scripting in Google Chrome

CWE-79 — Cross-site Scripting CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

9.8CRITICALNVD

NVD6.1OSV6.1

EPSS

0.2%

top 62.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Microfocus Rumba

Timeline

PublishedJan 19

Latest updateMay 17

Description

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDgoogle/chrome54.0.2840.99

▶NVDmicrofocus/rumba9.4

🔴Vulnerability Details

GHSA

GHSA-qcj4-wjgr-2rrf: Stack-based buffer overflow in the PlayMacro function in ObjectXMacro↗2022-05-17

▶

GHSA

GHSA-wcwx-8xqr-m2mc: Blink in Google Chrome prior to 55↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2016-12-09

▶

OSV

CVE-2016-5226: Blink in Google Chrome prior to 55↗2016-12-06

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-12-09

▶

Red Hat

chromium-browser: limited xss in blink↗2016-12-01

▶

💬Community

Bugzilla

chromium: various flaws [fedora-all]↗2016-12-02

▶

Bugzilla

CVE-2016-5226 chromium-browser: limited xss in blink↗2016-12-02

▶