CVE-2016-5204 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-5204 Interim 1 22 2024-09-12T01:40:14Z current 2021-05-30T13:43:12Z 2024-09-12T01:40:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-5204 Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2TVPLHULGNPUMH6D6ENQ6KMK2P3NNDAT/#2TVPLHULGNPUMH6D6ENQ6KMK2P3NNDAT E-Mail link for openSUSE-SU-2016:3108-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT/#IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT E-Mail link for openSUSE-SU-2017:0563-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SP2 openSUSE Leap 15.0 openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed chromedriver-55.0.2883.75-2.1 chromedriver-55.0.2883.75-3.1 chromium-101.0.4951.64-bp154.1.2 chromium-55.0.2883.75-2.1 chromium-55.0.2883.75-3.1 chromium-66.0.3359.170-lp150.1.1 chromium-83.0.4103.97-lp152.1.1 chromium-90.0.4430.212-bp153.1.1 ungoogled-chromium-113.0.5672.92-1.1 ungoogled-chromium-chromedriver-113.0.5672.92-1.1 chromedriver-55.0.2883.75-2.1 as a component of SUSE Package Hub 12 SP2 chromium-55.0.2883.75-2.1 as a component of SUSE Package Hub 12 SP2 chromium-66.0.3359.170-lp150.1.1 as a component of openSUSE Leap 15.0 chromium-83.0.4103.97-lp152.1.1 as a component of openSUSE Leap 15.2 chromium-90.0.4430.212-bp153.1.1 as a component of openSUSE Leap 15.3 chromium-101.0.4951.64-bp154.1.2 as a component of openSUSE Leap 15.4 chromedriver-55.0.2883.75-3.1 as a component of openSUSE Tumbleweed chromium-55.0.2883.75-3.1 as a component of openSUSE Tumbleweed ungoogled-chromium-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed ungoogled-chromium-chromedriver-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2016-5204 SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1 SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1 openSUSE Leap 15.0:chromium-66.0.3359.170-lp150.1.1 openSUSE Leap 15.2:chromium-83.0.4103.97-lp152.1.1 openSUSE Leap 15.3:chromium-90.0.4430.212-bp153.1.1 openSUSE Leap 15.4:chromium-101.0.4951.64-bp154.1.2 openSUSE Tumbleweed:chromedriver-55.0.2883.75-3.1 openSUSE Tumbleweed:chromium-55.0.2883.75-3.1 openSUSE Tumbleweed:ungoogled-chromium-113.0.5672.92-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-113.0.5672.92-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N