CVE-2016-5198
HIGHCISA KEVEPSS 98th pctlDescription
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit Intelligence
Very high risk: more likely to be exploited than 98% of all known CVEs.
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Apply updates per vendor instructions.
Remediation due: 2022-06-22
References
- http://rhn.redhat.com/errata/RHSA-2016-2672.html
- http://www.securityfocus.com/bid/94079
- http://www.securitytracker.com/id/1037224
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
- https://crbug.com/659475
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5198
Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-21.