CVE-2016-5177
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: arch — https://security.archlinux.org/ASA-201610-1
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 53.0.2785.143-1 | |
| debian | 8.0 | affected | |
| suse | 42.1 | affected | |
| suse | 13.2 | affected | |
| fedora | 24 | affected | |
| fedora | 25 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"53.0.2785.129"} | |
References
- https://security.archlinux.org/ASA-201610-1
- http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2016-2007.html
- http://www.debian.org/security/2016/dsa-3683
- http://www.securityfocus.com/bid/93238
- http://www.securitytracker.com/id/1036970
- https://bugzilla.redhat.com/show_bug.cgi?id=1380631
- https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_29.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FWZVE5PX27FWPLGOPDA7ZC5MILOWN6K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNUTOWCXLWVXOTGQUS53DSRVTO3J226Z/
- https://security.gentoo.org/glsa/201610-09
CWEs
CWE-416
Verify integrity in audit chain (admin only). AS-IS.