CVE-2016-5198 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2016-5198?

CVE-2016-5198 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-5198?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Linux Linux Kernel, Google Android, Apple Macos, Microsoft Windows.

Vulnerability Description

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Chrome	< 54.0.2840.90
Linux	Linux Kernel	-
Google	Android	-
Apple	Macos	-
Microsoft	Windows	-
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-787

References

http://rhn.redhat.com/errata/RHSA-2016-2672.htmlThird Party Advisory
http://www.securityfocus.com/bid/94079Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037224Broken LinkThird Party AdvisoryVDB Entry
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.Release NotesVendor Advisory
https://crbug.com/659475ExploitIssue Tracking
http://rhn.redhat.com/errata/RHSA-2016-2672.htmlThird Party Advisory
http://www.securityfocus.com/bid/94079Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037224Broken LinkThird Party AdvisoryVDB Entry
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.Release NotesVendor Advisory
https://crbug.com/659475ExploitIssue Tracking
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-US Government Resource

FAQ

What is CVE-2016-5198?

CVE-2016-5198 is a vulnerability with a CVSS score of 8.8 (HIGH). V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to ...

How severe is CVE-2016-5198?

CVE-2016-5198 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5198?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Linux Linux Kernel, Google Android, Apple Macos, Microsoft Windows.