Vulnerability Details : CVE-2016-5141
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
Vulnerability category: Input validation
Products affected by CVE-2016-5141
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5141
- 0.58%: Probability of exploitation activity in the next 30 days
- ~75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5141
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-5141
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5141
- http://www.securitytracker.com/id/1036547
  Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Spoof URLs, and Execute Arbitrary Code - SecurityTracker
- https://crbug.com/629542
  Sign in - Google Accounts (Permissions Required)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/
  [SECURITY] Fedora 24 Update: chromium-52.0.2743.116-1.fc24 - package-announce - Fedora Mailing-Lists
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html
  [security-announce] openSUSE-SU-2016:1983-1: important: Security update
- https://codereview.chromium.org/2171063002
  Issue 2171063002: Notify the Blink client synchronously if the initial doc is accessed. - Code Review (Issue Tracking)
- http://rhn.redhat.com/errata/RHSA-2016-1580.html
  RHSA-2016:1580 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2016/dsa-3645
  Debian -- Security Information -- DSA-3645-1 chromium-browser
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html
  [security-announce] openSUSE-SU-2016:1982-1: important: Security update
- https://security.gentoo.org/glsa/201610-09
  Chromium: Multiple vulnerabilities (GLSA 201610-09) — Gentoo security
- http://www.securityfocus.com/bid/92276
  Google Chrome Prior to 52.0.2743.116 Multiple Security Vulnerabilities
- http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html
  Chrome Releases: Stable Channel Update for Desktop (Release Notes)