CVE-2016-5201
medium
CVSS v3
6.5
CVSS v4 NEW
โ
VIR risk
6.5
Description
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.
Predictions
Exploit likelihood
75%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"54.0.2840.87"} | |
References
- http://rhn.redhat.com/errata/RHSA-2016-2718.html
- http://www.securityfocus.com/bid/94196
- http://www.securitytracker.com/id/1037273
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
- https://crbug.com/660678
- https://security.gentoo.org/glsa/201611-16
- http://rhn.redhat.com/errata/RHSA-2016-2718.html
- http://www.securityfocus.com/bid/94196
- http://www.securitytracker.com/id/1037273
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
- https://crbug.com/660678
- https://security.gentoo.org/glsa/201611-16
CWEs
CWE-200
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.