返回 CVE 瀏覽器

CVE-2016-5198

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score69.0230%

EPSS Percentile97.69th

Published2017年1月19日

Last Modified2026年4月21日

Vulnerability Description

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Affected Platforms (CPE)

📦

Google

Chrome

< 54.0.2840.90

📦

Google

Chrome

< 54.0.2840.85

📦

Google

Chrome

< 54.0.2840.87

💻

Redhat

Enterprise Linux Desktop

= 6.0

💻

Redhat

Enterprise Linux Server

= 6.0

💻

Redhat

Enterprise Linux Workstation

= 6.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2016-2672.html

🔗 http://www.securityfocus.com/bid/94079

🔗 http://www.securitytracker.com/id/1037224

🔗 https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html

🔗 https://crbug.com/659475

🔗 http://rhn.redhat.com/errata/RHSA-2016-2672.html

🔗 http://www.securityfocus.com/bid/94079

🔗 http://www.securitytracker.com/id/1037224

相關漏洞威脅

CVE-2004-076410.0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "c...

CVE-2009-247110.0

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers...

CVE-2021-3397010.0

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CVE-2009-266510.0

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when cert...