CVE-2016-5128
- Source
- https://cve.org/CVERecord?id=CVE-2016-5128
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5128.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-5128
- Downstream
- Related
- Published
- 2016-07-23T19:59:10.170Z
- Modified
- 2026-04-16T01:45:02.012356818Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "51.0.2704.106" } ], "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" } ] }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
- http://www.securityfocus.com/bid/92053
- http://www.securitytracker.com/id/1036428
- https://codereview.chromium.org/2082633002
- https://codereview.chromium.org/2084183004
- https://codereview.chromium.org/2085223002
- https://codereview.chromium.org/2101983002
- https://codereview.chromium.org/2103033002
- https://crbug.com/619166
- http://rhn.redhat.com/errata/RHSA-2016-1485.html
- http://www.debian.org/security/2016/dsa-3637
- http://www.ubuntu.com/usn/USN-3041-1
- https://security.gentoo.org/glsa/201610-09
- http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
Affected packages
Git / github.com/v8/v8
Affected ranges
- Type
- GIT
- Repo
- https://github.com/v8/v8
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "5.2.360" } ], "cpe": "cpe:2.3:a:google:v8:5.2.360:*:*:*:*:*:*:*" }
Affected versions
3.*
3.21.18
3.26.30
3.28.33
3.28.34
3.28.36
3.28.37
3.28.39
3.28.40
3.28.41
3.28.42
3.28.44
3.28.46
3.28.47
3.28.49
3.28.55
3.28.56
3.28.58
3.28.61
3.28.63
3.28.66
3.28.67
3.28.68
3.28.70
3.28.72
3.29.1
3.29.12
3.29.13
3.29.15
3.29.18
3.29.19
3.29.2
3.29.21
3.29.22
3.29.26
3.29.28
3.29.3
3.29.30
3.29.31
3.29.32
3.29.33
3.29.34
3.29.36
3.29.37
3.29.39
3.29.4
3.29.42
3.29.44
3.29.45
3.29.46
3.29.47
3.29.48
3.29.49
3.29.5
3.29.51
3.29.52
3.29.54
3.29.55
3.29.56
3.29.58
3.29.6
3.29.60
3.29.61
3.29.62
3.29.63
3.29.65
3.29.67
3.29.68
3.29.69
3.29.7
3.29.71
3.29.72
3.29.73
3.29.76
3.29.77
3.29.79
3.29.8
3.29.80
3.29.85
3.29.86
5.*
5.2.360