PT-2016-6284 · Apple+7 · Webkit+7

Publicado

2016-08-31

·

Atualizado

2024-06-15

·

CVE-2016-5164

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux Opera (affected versions not specified)
Description A cross-site scripting (XSS) issue exists in the WebKit/Source/platform/v8 inspector/V8Debugger.cpp component of Blink, used in Google Chrome and Opera. This allows remote attackers to inject arbitrary web script or HTML into the Developer Tools subsystem via a crafted web site.
Recommendations For Google Chrome versions prior to 53.0.2785.89 on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome versions prior to 53.0.2785.92 on Linux, update to version 53.0.2785.92 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2016-2194
CVE-2016-5164
DSA-3660-1
MGASA-2016-0309
OPENSUSE-SU-2016:2250-1
OPENSUSE-SU-2016_2250-1
OPENSUSE-SU-2016_2296-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2016:1854
RHSA-2016_1854
SUSE-SU-2016:2250-1
SUSE-SU-2016:2251-1
USN-3058-1

Produtos afetados

Alt Linux
Blink
Google Chrome
Opera
Red Hat
Suse
Ubuntu
Webkit