Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
References
Link | Resource |
---|---|
https://crbug.com/639702 | Permissions Required |
https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html | Vendor Advisory |
http://www.securityfocus.com/bid/93528 | Third Party Advisory VDB Entry |
https://security.gentoo.org/glsa/201610-09 | |
http://rhn.redhat.com/errata/RHSA-2016-2067.html |
Configurations
Information
Published : 2016-12-17 19:59
Updated : 2018-01-04 18:30
NVD link : CVE-2016-5187
Mitre link : CVE-2016-5187
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
- chrome