6.5
CVE-2016-5172
- EPSS 1.86%
- Veröffentlicht 25.09.2016 20:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.86% | 0.765 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://security.gentoo.org/glsa/201610-09
http://www.debian.org/security/2016/dsa-3667
http://rhn.redhat.com/errata/RHSA-2016-1905.html
http://www.securityfocus.com/bid/92942
http://www.securitytracker.com/id/1036826
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
https://codereview.chromium.org/2077283004
https://crbug.com/616386