CVE-2016-5193

Published: Dec 18, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 53.0.2785.143

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://rhn.redhat.com/errata/RHSA-2016-2067.html

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/93528

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

https://crbug.com/639658

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201610-09

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2016-2067.html