CVE-2016-5226

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 55.0.2883.75 Opera versions prior to 55.0.2883.75

Description The issue exists due to inadequate protection of the web page structure in the Blink component of Google Chrome. This could allow a remote attacker to obtain information about the integration platform and operating system. The vulnerability can be exploited by executing javascript: URLs entered in the URL bar in the context of the current tab, allowing a socially engineered user to perform a self-XSS attack by dragging and dropping a javascript: URL into the URL bar.

Recommendations For Google Chrome versions prior to 55.0.2883.75, update to version 55.0.2883.75 or later. For Opera versions prior to 55.0.2883.75, update to version 55.0.2883.75 or later. As a temporary workaround, consider disabling the execution of javascript: URLs in the URL bar to minimize the risk of exploitation.