CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
googlechrome
𝑥
≤ 53.0.2785.101
nodejsnode.js
6.0.0 ≤
𝑥
≤ 6.8.1
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
yakkety
Fixed 53.0.2785.143-0ubuntu1.1307
released
xenial
Fixed 53.0.2785.143-0ubuntu0.16.04.1.1254
released
trusty
Fixed 53.0.2785.143-0ubuntu0.14.04.1.1142
released
precise
ignored
oxide-qt
yakkety
Fixed 1.17.9-0ubuntu1
released
xenial
Fixed 1.17.9-0ubuntu0.16.04.1
released
trusty
Fixed 1.17.9-0ubuntu0.14.04.1
released
precise
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-1905.html
http://www.debian.org/security/2016/dsa-3667
http://www.securityfocus.com/bid/92942
http://www.securitytracker.com/id/1036826
https://codereview.chromium.org/2077283004
https://crbug.com/616386
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
https://security.gentoo.org/glsa/201610-09
http://rhn.redhat.com/errata/RHSA-2016-1905.html
http://www.debian.org/security/2016/dsa-3667
http://www.securityfocus.com/bid/92942
http://www.securitytracker.com/id/1036826
https://codereview.chromium.org/2077283004
https://crbug.com/616386
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
https://security.gentoo.org/glsa/201610-09