CVE-2016-5204

NameCVE-2016-5204
DescriptionLeaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3731-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie, jessie (lts)57.0.2987.98-1~deb8u1fixed
stretch (security), stretch (lts), stretch71.0.3578.80-1~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcewheezy(unfixed)end-of-life
chromium-browsersourcejessie55.0.2883.75-1~deb8u1DSA-3731-1
chromium-browsersource(unstable)55.0.2883.75-1

Notes

[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
Search for package or bug name: Reporting problems