CVE-2016-5142
Published: 7 August 2016
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
upstream |
Released
(52.0.2743.116-1)
|
precise |
Ignored
|
|
trusty |
Does not exist
(trusty was released [52.0.2743.116-0ubuntu0.14.04.1.1134])
|
|
xenial |
Released
(52.0.2743.116-0ubuntu0.16.04.1.1250)
|
|
yakkety |
Released
(53.0.2785.143-0ubuntu1.1307)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
upstream |
Released
(1.16.6)
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was released [1.17.7-0ubuntu0.14.04.1])
|
|
xenial |
Released
(1.17.7-0ubuntu0.16.04.1)
|
|
yakkety |
Released
(1.16.7-0ubuntu1)
|