CVE-2016-5187

Published: 17 October 2016

Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package / Release / Status

chromium-browser (Launchpad, Ubuntu, Debian)
  Upstream: Not vulnerable
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected)

oxide-qt (Launchpad, Ubuntu, Debian)
  Upstream: Released (1.18.3)
  Ubuntu 16.04 ESM (Xenial Xerus): Released (1.18.3-0ubuntu0.16.04.1)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [1.18.3-0ubuntu0.14.04.1])

Notes

Author: chrisccoulson
Note: This looks like it's in the TopControlsManager, used only in Chrome/Android. Oxide also makes use of this functionality.
