QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5170

Published: Sep 25, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

https://crbug.com/641101

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

https://codereview.chromium.org/2332003002

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.