PT-2016-3051 · Google+5 · Google Chrome+5

Published

2016-11-09

·

Updated

2025-09-29

·

CVE-2016-5200

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 54.0.2840.98 for Mac Google Chrome versions prior to 54.0.2840.99 for Windows Google Chrome versions prior to 54.0.2840.100 for Linux Google Chrome versions prior to 55.0.2883.84 for Android
Description The issue is caused by incorrect application of type rules in the V8 component of Google Chrome, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This can lead to a denial of service. The vulnerability can be exploited by a remote attacker using a specially crafted HTML page, potentially causing heap corruption.
Recommendations For Google Chrome versions prior to 54.0.2840.98 for Mac, update to version 54.0.2840.98 or later. For Google Chrome versions prior to 54.0.2840.99 for Windows, update to version 54.0.2840.99 or later. For Google Chrome versions prior to 54.0.2840.100 for Linux, update to version 54.0.2840.100 or later. For Google Chrome versions prior to 55.0.2883.84 for Android, update to version 55.0.2883.84 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2025_16880
ALT-PU-2016-2425
BDU:2017-00150
CVE-2016-5200
DSA-3731-1
MGASA-2016-0403
OPENSUSE-SU-2016_2793-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2016:2718
RHSA-2016_2718
USN-3133-1

Affected Products

Alt Linux
Google Chrome
Opera
Red Hat
Suse
Ubuntu