CVE-2016-5172
MEDIUMGoogle Chrome < 53.0.2785.113 - Exposure of Sensitive Information via V8 Parser Scope Mishandling
Title source: llmDescription
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
References (8)
Core 8
Core References
Issue Tracking x_refsource_confirm
https://crbug.com/616386
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3667
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036826
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92942
Release Notes, Vendor Advisory x_refsource_confirm
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
Patch x_refsource_confirm
https://codereview.chromium.org/2077283004
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201610-09
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1905.html
Scores
CVSS v3
6.5
EPSS
0.0113
EPSS Percentile
78.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
debian/debian_linux
8.0
debian/debian_linux
9.0
google/chrome
< 53.0.2785.101
nodejs/node.js
6.0.0 - 6.8.1
Published
Sep 25, 2016
Tracked Since
Feb 18, 2026