CVE DATABASE / CVE-2016-5198
CVE-2016-5198
Google Chromium V8 Out-of-Bounds Memory Vulnerability
CVSS 8.8 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2022-06-08.
Federal remediation due 2022-06-22.
Required action: Apply updates per vendor instructions.
Summary
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Google chromeLinux linux kernelGoogle androidApple macosMicrosoft windowsRedhat enterprise linux desktopRedhat enterprise linux serverRedhat enterprise linux workstation
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://rhn.redhat.com/errata/RHSA-2016-2672.html
- http://www.securityfocus.com/bid/94079
- http://www.securitytracker.com/id/1037224
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
- https://crbug.com/659475
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5198
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.