CVE-2016-5207
Publication date 6 December 2016
Last updated 25 August 2025
Ubuntu priority
Description
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 16.04 LTS xenial |
Fixed 55.0.2883.87-0ubuntu0.16.04.1263
|
|
| 14.04 LTS trusty |
Fixed 58.0.3029.81-0ubuntu0.14.04.1172
|
|
| oxide-qt | ||
| 16.04 LTS xenial |
Fixed 1.19.4-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 1.19.4-0ubuntu0.14.04.1
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.1 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3153-1
- Oxide vulnerabilities
- 9 December 2016