CVE-2016-5201
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"54.0.2840.87"} | |
References
- http://rhn.redhat.com/errata/RHSA-2016-2718.html
- http://www.securityfocus.com/bid/94196
- http://www.securitytracker.com/id/1037273
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
- https://crbug.com/660678
- https://security.gentoo.org/glsa/201611-16
- http://rhn.redhat.com/errata/RHSA-2016-2718.html
- http://www.securityfocus.com/bid/94196
- http://www.securitytracker.com/id/1037273
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
- https://crbug.com/660678
- https://security.gentoo.org/glsa/201611-16
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.