CVE-2016-5198

HIGH KEV

Google Chrome < 54.0.2840.90 - Out-of-bounds Write via V8 Optimisation Assumptions

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2016-5198 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.

Description

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

References (6)

Core 6
Core References
Exploit, Issue Tracking x_refsource_confirm
https://crbug.com/659475
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94079
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037224
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2672.html

Scores

CVSS v3 8.8
EPSS 0.7866
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-06-08
VulnCheck KEV 2019-09-24
InTheWild.io 2020-03-25
ENISA EUVD EUVD-2016-6149
CWE
CWE-787
Status published
Products (5)
google/chrome < 54.0.2840.90
n/a/Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Wi
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Jan 19, 2017
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026