CVE-2016-5208

medium

Description

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

References

https://security.gentoo.org/glsa/201612-11

https://crbug.com/658535

https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html

http://www.securityfocus.com/bid/94633

http://rhn.redhat.com/errata/RHSA-2016-2919.html

Details

Source: Mitre, NVD

Published: 2017-01-19

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium