Description
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-3645-1 | chromium-browser security update |
EUVD |
EUVD-2016-6093 | The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. |
Ubuntu USN |
USN-3058-1 | Oxide vulnerabilities |
References
History
No history.
Status: PUBLISHED
Assigner: Chrome
Published:
Updated: 2024-08-06T00:53:47.399Z
Reserved: 2016-05-31T00:00:00.000Z
Link: CVE-2016-5142
No data.
Status : Modified
Published: 2016-08-07T19:59:06.533
Modified: 2026-06-17T00:48:50.107
Link: CVE-2016-5142
OpenCVE Enrichment
No data.
Weaknesses
Debian DSA
EUVD
Ubuntu USN