CVE-2016-5218

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 55.0.2883.75 for Mac, Windows and Linux Google Chrome version prior to 55.0.2883.84 for Android

Description The issue arises from the extensions API in Google Chrome incorrectly handling navigation within PDFs. This allows a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data. The vulnerability exists due to insufficient input validation, which can be exploited by a remote attacker to manipulate the Omnibox component.

Recommendations For Google Chrome versions prior to 55.0.2883.75 for Mac, Windows and Linux, update to version 55.0.2883.75 or later. For Google Chrome version prior to 55.0.2883.84 for Android, update to version 55.0.2883.84 or later. As a temporary workaround, consider restricting the use of the extensions API until a patch is available. Avoid using crafted HTML pages containing PDF data in the affected Google Chrome versions until the issue is resolved.