CVE-2016-1586

low-risk
Published 2019-04-22

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
1
CVSS 1.8/10 Low
LOCAL / HIGH complexity

Affected Products (1)

Oxide

Affected Vendors

Oxide Project

References (2)

Patch https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a3...
Patch https://git.launchpad.net/oxide/commit/?id=29014da83e5fc358d6bff0f574e9ed45e61a3...
11
/ 100
low-risk
Severity 5/34 · Minimal
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal