CVE-2016-5198

Published: Jan 19, 2017Modified: Apr 21, 2026CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Affected (6)

Products: Google: Chrome · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 54.0.2840.90

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 54.0.2840.85

Running on/with	Platform Versions
Google Android	All versions

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 54.0.2840.87

Running on/with	Platform Versions
Apple Macos	All versions
Microsoft Windows	All versions

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (11)

http://rhn.redhat.com/errata/RHSA-2016-2672.html

Source: chrome-cve-admin@google.com

Third Party Advisory

http://www.securityfocus.com/bid/94079

Source: chrome-cve-admin@google.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037224

Source: chrome-cve-admin@google.com

Broken LinkThird Party AdvisoryVDB Entry

https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

Release NotesVendor Advisory

https://crbug.com/659475

Source: chrome-cve-admin@google.com

ExploitIssue Tracking

http://rhn.redhat.com/errata/RHSA-2016-2672.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/94079

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037224

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://crbug.com/659475

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5198

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.