CVE-2016-5191

Summary

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.

Affected Software

VendorProductVersion RangeStatus
n/aChrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for AndroidChrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Androidaffected

Weaknesses

  • UXSS

ADP Enrichment

CVE Program Container

Additional References

References