Vulnerability Details : CVE-2016-5172
Potential exploit
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
Vulnerability category: Information leak
Products affected by CVE-2016-5172
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5172
0.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5172
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2016-5172
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5172
-
http://www.debian.org/security/2016/dsa-3667
Debian -- Security Information -- DSA-3667-1 chromium-browserThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-1905.html
RHSA-2016:1905 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
Chrome Releases: Stable Channel Update for DesktopVendor Advisory
-
https://crbug.com/616386
616386 - Security: Arbitrary Memory Read in v8 - chromium - MonorailPermissions Required
-
https://codereview.chromium.org/2077283004
Issue 2077283004: Rewrite scopes of non-simple default arguments - Code ReviewIssue Tracking;Patch
-
http://www.securitytracker.com/id/1036826
Google Chrome Multiple Flaws Lets Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201610-09
Chromium: Multiple vulnerabilities (GLSA 201610-09) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/92942
Google Chrome Prior to 53.0.2785.113 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to