Vulnerability CVE-2016-5204: Information

Description

Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-5204
Published: Jan. 19, 2017
Modified: Nov. 7, 2023
Error type identifier: CWE-79

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus55.0.2883.75-alt1125.0.6422.141-alt1ALT-PU-2016-2425-1174143Fixed
chromiump1055.0.2883.75-alt1119.0.6045.159-alt0.p10.1ALT-PU-2016-2425-1174143Fixed
chromiump955.0.2883.75-alt197.0.4692.99-alt0.p9.1ALT-PU-2016-2425-1174143Fixed
chromiump855.0.2883.75-alt0.M80P.161.0.3163.100-alt0.M80P.1ALT-PU-2016-2431-1174180Fixed
chromiumc10f155.0.2883.75-alt1110.0.5481.177-alt1.p10.1ALT-PU-2016-2425-1174143Fixed
chromiumc9f255.0.2883.75-alt184.0.4147.105-alt1.1.p9ALT-PU-2016-2425-1174143Fixed
chromiump1155.0.2883.75-alt1125.0.6422.141-alt1ALT-PU-2016-2425-1174143Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
RHSA-2016:2919
    https://crbug.com/630870
      94633
        https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
          GLSA-201612-11

              1. Configuration 1

                cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
                End including
                54.0.2840.99
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.3
            Back to top