8.8

CVE-2016-5198

Warning
Exploit

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Data is provided by the National Vulnerability Database (NVD)
GoogleChrome Version < 54.0.2840.90
   LinuxLinux Kernel Version-
GoogleChrome Version < 54.0.2840.85
   GoogleAndroid Version-
GoogleChrome Version < 54.0.2840.87
   ApplemacOS Version-
   MicrosoftWindows Version-

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Out-of-Bounds Memory Vulnerability

Vulnerability

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 69.4% 0.986
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/94079
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1037224
Third Party Advisory
Broken Link
VDB Entry
https://crbug.com/659475
Exploit
Issue Tracking