CVE-2016-5147

Published: 2 September 2016

Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

Priority

CVSS 3 base score: 6.1

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	upstream	Released (53.0.2785.92)
	precise	Ignored
	trusty	Does not exist (trusty was released [53.0.2785.143-0ubuntu0.14.04.1.1142])
	xenial	Released (53.0.2785.143-0ubuntu0.16.04.1.1254)
	yakkety	Released (53.0.2785.143-0ubuntu1.1307)
oxide-qt Launchpad, Ubuntu, Debian	upstream	Released (1.17.6)
	precise	Does not exist
	trusty	Does not exist (trusty was released [1.17.7-0ubuntu0.14.04.1])
	xenial	Released (1.17.7-0ubuntu0.16.04.1)
	yakkety	Released (1.17.7-0ubuntu1)

References

Bugs

https://bugs.chromium.org/p/chromium/issues/detail?id=628942

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›