CVE-2016-5204

Description

Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.3

Associated Vulnerability

Vulnerability	OS Platform
Update for Google Chrome (55.0.2883.75)	Windows
Update for Google Chrome x64 (55.0.2883.75)	Windows
Updates for Google Chrome (66.0.3359.170)	Windows
Updates for Google Chrome (x64) (66.0.3359.170)	Windows
Updates for Google Chrome (66.0.3359.181)	Windows
Updates for Google Chrome (x64) (66.0.3359.181)	Windows
Updates for Google Chrome (67.0.3396.62)	Windows
Updates for Google Chrome (x64) (67.0.3396.62)	Windows
Updates for Google Chrome (67.0.3396.79)	Windows
Updates for Google Chrome (x64) (67.0.3396.79)	Windows
Updates for Google Chrome (67.0.3396.87)	Windows
Updates for Google Chrome (x64) (67.0.3396.87)	Windows
Google Chrome (67.0.3396.99)	Windows
Google Chrome (x64) (67.0.3396.99)	Windows
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (55.0.2883.75)	Mac
Web browser engine for Qt (QML plugin) (USN-3153-1) liboxideqtcore0_1.19.4-0ubuntu0.14.04.1_i386.deb	Linux
Web browser engine for Qt (QML plugin) (USN-3153-1) liboxideqtcore0_1.19.4-0ubuntu0.14.04.1_amd64.deb	Linux
Web browser engine for Qt (QML plugin) (USN-3153-1) liboxideqtcore0_1.19.4-0ubuntu0.16.04.1_i386.deb	Linux
Web browser engine for Qt (QML plugin) (USN-3153-1) liboxideqtcore0_1.19.4-0ubuntu0.16.04.1_amd64.deb	Linux
Update for Google Chrome (55.0.2883.75) (For Ubuntu)	Linux
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)	Linux
Update for Google Chrome (55.0.2883.75) (For Debian)	Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)	Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)	Linux
Google Chrome (67.0.3396.99) (For Debian)	Linux
Update for Google Chrome (55.0.2883.75) (For Centos)	Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)	Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)	Linux
Google Chrome (67.0.3396.99) (For Centos)	Linux
Update for Google Chrome (55.0.2883.75) (For RedHat)	Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)	Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)	Linux
Google Chrome (67.0.3396.99) (For RedHat)	Linux
Update for Google Chrome (55.0.2883.75) (For Suse)	Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)	Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)	Linux
Google Chrome (67.0.3396.99) (For Suse)	Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)	Linux
Google Chrome (67.0.3396.99) (For Ubuntu)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-304380	Update for Google Chrome (55.0.2883.75)
PATCH-304381	Update for Google Chrome x64 (55.0.2883.75)
PATCH-307513	Updates for Google Chrome (66.0.3359.170)
PATCH-307515	Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534	Updates for Google Chrome (66.0.3359.181)
PATCH-307535	Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607	Updates for Google Chrome (67.0.3396.62)
PATCH-307608	Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641	Updates for Google Chrome (67.0.3396.79)
PATCH-307644	Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660	Updates for Google Chrome (67.0.3396.87)
PATCH-307662	Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715	Google Chrome (67.0.3396.99)
PATCH-307716	Google Chrome (x64) (67.0.3396.99)
PATCH-609673	Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234