CVE-2016-5141

Published: Aug 7, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 52.0.2743.82

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2016-1580.html

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2016/dsa-3645

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/92276

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1036547

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/2171063002

Source: chrome-cve-admin@google.com

https://crbug.com/629542

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201610-09

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html