Vulnerability Description
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 54.0.2840.99 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2919.html
- http://www.securityfocus.com/bid/94633
- https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.
- https://crbug.com/630870
- https://security.gentoo.org/glsa/201612-11
- http://rhn.redhat.com/errata/RHSA-2016-2919.html
- http://www.securityfocus.com/bid/94633
- https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.
- https://crbug.com/630870
- https://security.gentoo.org/glsa/201612-11
FAQ
What is CVE-2016-5204?
CVE-2016-5204 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker t...
How severe is CVE-2016-5204?
CVE-2016-5204 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5204?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.