Homepage

Use After Free Affecting chromium-browser package, versions <0:53.0.2785.89-3.el6

Severity

 Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
1.37% (87th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Use After Free vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CENTOS6-CHROMIUMBROWSER-2135657
  • published26 Jul 2021
  • disclosed31 Aug 2016
Report a new vulnerability Found a mistake?

Introduced: 31 Aug 2016

CVE-2016-5150  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade Centos:6 chromium-browser to version 0:53.0.2785.89-3.el6 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream chromium-browser package and not the chromium-browser package as distributed by Centos. See How to fix? for Centos:6 relevant fixed versions and status.

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.