CVE-2016-5172

medium

Description

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

References

https://security.gentoo.org/glsa/201610-09

https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html

https://crbug.com/616386

https://codereview.chromium.org/2077283004

http://www.securitytracker.com/id/1036826

http://www.securityfocus.com/bid/92942

http://www.debian.org/security/2016/dsa-3667

http://rhn.redhat.com/errata/RHSA-2016-1905.html

Details

Source: Mitre, NVD

Published: 2016-09-25

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N