CVE-2016-5208

🗓️ 19 Jan 2017 05:43:00Reported by ChromeType

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page

Reporter	Title	Published	Views	Family All 60
FreeBSD	chromium -- multiple vulnerabilities	1 Dec 201600:00	–	freebsd
ArchLinux	[ASA-201612-3] chromium: multiple issues	3 Dec 201600:00	–	archlinux
ArchLinux	[ASA-201702-2] qt5-webengine: multiple issues	2 Feb 201700:00	–	archlinux
CNVD	Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-12101)	7 Dec 201600:00	–	cnvd
Cvelist	CVE-2016-5208	19 Jan 201705:43	–	cvelist
Debian	[SECURITY] [DSA 3731-1] chromium-browser security update	11 Dec 201620:59	–	debian
Debian	[SECURITY] [DSA 3731-1] chromium-browser security update	11 Dec 201620:59	–	debian
Debian CVE	CVE-2016-5208	19 Jan 201705:43	–	debiancve
Tenable Nessus	Debian DSA-3731-1 : chromium-browser - security update	12 Dec 201600:00	–	nessus
Tenable Nessus	Fedora 25 : chromium (2016-a815b7bf5d)	16 Dec 201600:00	–	nessus

NVD

Node

google chromeRange≤54.0.2840.99

[
  {
    "product": "Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android"
      }
    ]
  }
]

Source	Link
security	www.security.gentoo.org/glsa/201612-11
crbug	www.crbug.com/658535
chromereleases	www.chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html
rhn	www.rhn.redhat.com/errata/RHSA-2016-2919.html
securityfocus	www.securityfocus.com/bid/94633

13 May 2026 00:24Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24.3

CVSS 36.1

EPSS0.00247

CWE-79