Back to KEVs

CVE-2016-5198

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 31, 2016
Published Date
January 19, 2017
Last Updated
January 29, 2025
Vendor
n/a
Product
Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Description
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-06-08 00:00:00 UTC) Source

References

https://crbug.com/659475 http://www.securityfocus.com/bid/94079 http://www.securitytracker.com/id/1037224 http://rhn.redhat.com/errata/RHSA-2016-2672.html https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-06-08 00:00:00 UTC