CVE-2016-5198

HIGH KEV

Google Chrome < 54.0.2840.90 - Out-of-Bounds Write

Title source: rule

Description

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

References (6)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-2672.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94079

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037224

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html

[Exploit, Issue Tracking] https://crbug.com/659475

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5198

Scores

CVSS v3 8.8

EPSS 0.7866

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08

VulnCheck KEV 2019-09-24

InTheWild.io 2020-03-25

ENISA EUVD EUVD-2016-6149

CWE

CWE-787

Status published

Products (5)

google/chrome < 54.0.2840.90

n/a/Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Wi

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

Published Jan 19, 2017

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026