Published: 11/09/2016 Updated: 13/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Blink, as used in Google Chrome prior to 53.0.2785.89 on Windows and OS X and prior to 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote malicious users to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome

Blink, as used in Google Chrome, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)" ...

Blink, as used in Google Chrome before 530278589 on Windows and OS X and before 530278592 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)" ...

Several security issues were fixed in Oxide ...

Arch Linux Security Advisory ASA-201612-18 ========================================== Severity: Critical Date : 2016-12-17 CVE-ID : CVE-2016-5133 CVE-2016-5147 CVE-2016-5153 CVE-2016-5155 CVE-2016-5161 CVE-2016-5166 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5181 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 C ...

Several vulnerabilities have been discovered in the chromium web browser CVE-2016-5147 A cross-site scripting issue was discovered CVE-2016-5148 Another cross-site scripting issue was discovered CVE-2016-5149 Max Justicz discovered a script injection issue in extension handling CVE-2016-5150 A use-after-free issue was discovere ...

Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs

Threatpost • Chris Brook • 01 Sep 2016

Google continued its onslaught of summer Chrome patches Wednesday when it pushed out version 53 of the browser, fixing 33 bugs, half of which were rated “high” severity by the company.
Google paid at least $56,500 in rewards to researchers who discovered vulnerabilities in the browser this time through. The company is still determining how much to award several researchers who found bugs, while two vulnerabilities marked Wednesday were ultimately not applicable to the company’s...

CWE-79 https://codereview.chromium.org/2242923002 https://codereview.chromium.org/2183423002/https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html https://codereview.chromium.org/2155393002 https://codereview.chromium.org/2190523002/https://crbug.com/628942 https://codereview.chromium.org/2169453002 https://codereview.chromium.org/2174263002/http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html http://www.debian.org/security/2016/dsa-3660 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html http://www.securityfocus.com/bid/92717 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html http://rhn.redhat.com/errata/RHSA-2016-1854.html https://security.gentoo.org/glsa/201610-09 http://www.securitytracker.com/id/1036729 https://nvd.nist.gov https://security.archlinux.org/CVE-2016-5147 https://access.redhat.com/security/cve/cve-2016-5147 https://usn.ubuntu.com/3058-1/http://tools.cisco.com/security/center/viewAlert.x?alertId=48695

CVE-2016-5147

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect