CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-5196

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://www.securityfocus.com/bid/94078
https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html
https://crbug.com/659492
http://www.securityfocus.com/bid/94078
https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html
https://crbug.com/659492

Products affected by CVE-2016-5196

Google » Chrome » Version: 38.0.2125.101

cpe:2.3:a:google:chrome:38.0.2125.101
Google » Chrome » Version: 40.0.2214.109

cpe:2.3:a:google:chrome:40.0.2214.109
Google » Chrome » Version: 40.0.2214.89

cpe:2.3:a:google:chrome:40.0.2214.89
Google » Chrome » Version: 42.0.2311.107

cpe:2.3:a:google:chrome:42.0.2311.107
Google » Chrome » Version: 54.0.2840.68

cpe:2.3:a:google:chrome:54.0.2840.68

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-5196

Products

Pricing

Contact Us