
CVE-2016-5191

Published: 18/12/2016 | Updated: 05/01/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Bookmark handling in Google Chrome before 54.0.2840.59 for Windows, Mac, and Linux, and before 54.0.2840.85 for Android, had insufficient validation of supplied data, which allowed a remote malicious user to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in a javascript:payload@example.com URL.

Vulnerable Product

google chrome

Vendor Advisories

A universal XSS flaw was found in the Bookmarks component of the Chromium browser ...
Synopsis: Important: chromium-browser security update. Type/Severity: Security Advisory: Important. Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Arch Linux Security Advisory ASA-201610-15. Severity: Critical. Date: 2016-10-23. CVE-ID: CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 C ...

Recent Articles

Google splats 21 bugs in Chrome 54 patch run
The Register • Darren Pauli • 14 Oct 2016

None critical, some embarrassing, all worth the auto-upgrade

Google has patched 21 bugs in its Chrome web browser, closing six high-severity holes along the way.
Mountain View paid US$29,133 for the bugs, including a top payout of US$7500 (CVE-2016-5181) for a universal cross-site scripting hole in Blink, and US$5500 (CVE-2016-5182) for a heap overflow in the same web browser engine.
Four vulnerabilities affecting the Blink engine were patched, including a cross-origin bypass and a use-after-free, but Google did not reveal further details.

Google Plugs 21 Security Holes in Chrome
Threatpost • Tom Spring • 13 Oct 2016

Google on Wednesday patched 21 security vulnerabilities in Chrome, including a half dozen rated high severity that were reported by external researchers and were eligible for a bounty.
Bug hunters earned a total of $30,000 in bounties, with a top payout of $7,500 to an unnamed researcher for a universal cross-site scripting flaw found in Blink, the Chrome browser engine.
The Chrome 54 update (54.0.2840.59) applies to the Windows, Mac, and Linux versions of the browser. Google said i...