CVE-2016-5198

high-risk

Published 2017-01-19

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Do I need to act?

77.9% chance of exploitation in next 30 days

EPSS score — higher than 22% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (4)

Chrome

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Affected Vendors

Redhat Google

References (11)

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2672.html

Broken Link http://www.securityfocus.com/bid/94079

Broken Link http://www.securitytracker.com/id/1037224

Release Notes https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop....

Exploit https://crbug.com/659475

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-2672.html

Broken Link http://www.securityfocus.com/bid/94079

Broken Link http://www.securitytracker.com/id/1037224

Release Notes https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop....

Exploit https://crbug.com/659475

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 27/34 · High

Exposure 10/34 · Low