CVE-2016-5198
In short
V8 (Chrome's JavaScript engine) had a flaw in its optimization logic that allowed attackers to read and write arbitrary memory through a malicious website, potentially leading to complete control of your browser.
Technical detail
V8's optimization assumptions were incorrect, allowing out-of-bounds memory access (CWE-787) via crafted JavaScript in a web page. This enabled arbitrary read/write operations in the renderer process, facilitating code execution with renderer privileges.
Summary generated and translated by AI from the official description.
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
References
http://rhn.redhat.com/errata/RHSA-2016-2672.html
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
https://crbug.com/659475
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5198
http://www.securityfocus.com/bid/94079
http://www.securitytracker.com/id/1037224