CVE-2016-5204

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 55.0.2883.75 Google Chrome for Android versions prior to 55.0.2883.84

Description The issue exists due to the lack of protection for the web page structure in the Blink component of Google Chrome. This allows a remote attacker to obtain information about the integration platform and operating system using a specially crafted HTML page. The vulnerability is caused by the leaking of an SVG shadow tree, leading to corruption of the DOM tree, which enables a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

Recommendations For Google Chrome versions prior to 55.0.2883.75, update to version 55.0.2883.75 or later. For Google Chrome for Android versions prior to 55.0.2883.84, update to version 55.0.2883.84 or later. As a temporary workaround, consider restricting access to crafted HTML pages to minimize the risk of exploitation.