7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.028 Low
EPSS
Percentile
90.6%
Google Chrome Releases reports:
10 security fixes in this release, including:
[629542] High CVE-2016-5141 Address bar spoofing. Credit to
anonymous
[626948] High CVE-2016-5142 Use-after-free in Blink. Credit to
anonymous
[625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to
GiWan Go of Stealien
[619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to
Ke Liu of Tencent’s Xuanwu LAB
[623406] Medium CVE-2016-5145 Same origin bypass for images in
Blink. Credit to anonymous
[619414] Medium CVE-2016-5143 Parameter sanitization failure in
DevTools. Credit to Gregory Panakkal
[618333] Medium CVE-2016-5144 Parameter sanitization failure in
DevTools. Credit to Gregory Panakkal
[633486] CVE-2016-5146: Various fixes from internal audits,
fuzzing and other initiatives.
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.028 Low
EPSS
Percentile
90.6%