CVE-2016-5174

browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 53.0.2785.101
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
precise
ignored
trusty
Fixed 53.0.2785.143-0ubuntu0.14.04.1.1142
released
xenial
Fixed 53.0.2785.143-0ubuntu0.16.04.1.1254
released
yakkety
Fixed 53.0.2785.143-0ubuntu1.1307
released
oxide-qt
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
chromium-browser
RHEL 6
0:53.0.2785.113-1.el6
fixed
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-1905.html
http://www.debian.org/security/2016/dsa-3667
http://www.securityfocus.com/bid/92942
http://www.securitytracker.com/id/1036826
https://codereview.chromium.org/2053343003
https://crbug.com/579934
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
https://security.gentoo.org/glsa/201610-09
http://rhn.redhat.com/errata/RHSA-2016-1905.html
http://www.debian.org/security/2016/dsa-3667
http://www.securityfocus.com/bid/92942
http://www.securitytracker.com/id/1036826
https://codereview.chromium.org/2053343003
https://crbug.com/579934
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
https://security.gentoo.org/glsa/201610-09