CVE-2016-5161

Published: Sep 11, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.

Affected (2)

Products: Google: Chrome · Opensuse: Leap

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 52.0.2743.116

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Related CWEs

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

References (26)

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2016-1854.html

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2016/dsa-3660

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/92717

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1036729

Source: chrome-cve-admin@google.com

http://zerodayinitiative.com/advisories/ZDI-16-501/

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/2103043004

Source: chrome-cve-admin@google.com

https://crbug.com/622420

Source: chrome-cve-admin@google.com

https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201610-09

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-1854.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3660

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/92717

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036729

Source: af854a3a-2127-422b-91ae-364da2661108

http://zerodayinitiative.com/advisories/ZDI-16-501/

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/2103043004

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/622420

Source: af854a3a-2127-422b-91ae-364da2661108

https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201610-09

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.