4.3
CVSSv2

CVE-2016-5130

Published: 23/07/2016 Updated: 01/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

content/renderer/history_controller.cc in Google Chrome prior to 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote malicious users to spoof the URL display via a crafted web site.

Affected Products

Vendor Product Versions
GoogleChrome51.0.2704.106

Vendor Advisories

Several security issues were fixed in Oxide ...
Several vulnerabilities have been discovered in the chromium web browser CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing CVE-2016-1706 Pinkie Pie discovered a way to escape the P ...

Recent Articles

Google Fixes 48 Bugs, Sandbox Escape, in Chrome
Threatpost • Tom Spring • 21 Jul 2016

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.
That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday.
Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 in rewards to researchers who reported vulnerabilities to the company. Payment on an additional 11 bugs found by bug bounty hunters is pending, Google said.
Among the other serious vulne...

Google Chrome 52.0.2743.82 released with 48 Security Fixes
BleepingComputer • Lawrence Abrams • 20 Jul 2016

Version 52.0.2743.82 of Google Chrome was released today that contains 48 security fixes. Of those 48 fixes, 17 were highlighted as coming from external sources and being eligible for a bounty for their disclosure.

Of these external disclosures, $21,000 was paid in bounties, with the amount for the other 11 disclosures still being determined.  The highest bounty was paid to Pinkie Pie, the well known Chrome hacker who won Google’s Pwnium competition in 2012, for discoveri...