CVE-2016-5174 - Vulnerability Details - OpenCVE

browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome
Redhat	Rhel Extras

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Supplementary
chromium-browser-0:53.0.2785.113-1.el6	cpe:/a:redhat:rhel_extras:6	RHSA-2016:1905	2016-09-16T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2016-1905.html
http://www.debian.org/security/2016/dsa-3667
http://www.securityfocus.com/bid/92942
http://www.securitytracker.com/id/1036826
https://codereview.chromium.org/2053343003
https://crbug.com/579934
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
https://nvd.nist.gov/vuln/detail/CVE-2016-5174
https://security.gentoo.org/glsa/201610-09
https://www.cve.org/CVERecord?id=CVE-2016-5174

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2016-09-25T20:00:00

Updated: 2024-08-06T00:53:48.271Z

Reserved: 2016-05-31T00:00:00

Link: CVE-2016-5174

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-09-25T20:59:07.060

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-5174

Redhat

Severity : Moderate

Publid Date: 2016-09-13T00:00:00Z

Links: CVE-2016-5174 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "DSA-3667", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3667"}, {"name": "1036826", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036826"}, {"name": "92942", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92942"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://crbug.com/579934"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.chromium.org/2053343003"}, {"name": "GLSA-201610-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201610-09"}, {"name": "RHSA-2016:1905", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2016-5174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3667", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3667"}, {"name": "1036826", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036826"}, {"name": "92942", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92942"}, {"name": "https://crbug.com/579934", "refsource": "CONFIRM", "url": "https://crbug.com/579934"}, {"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "refsource": "CONFIRM", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"}, {"name": "https://codereview.chromium.org/2053343003", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/2053343003"}, {"name": "GLSA-201610-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-09"}, {"name": "RHSA-2016:1905", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:53:48.271Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3667", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3667"}, {"name": "1036826", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036826"}, {"name": "92942", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92942"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://crbug.com/579934"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codereview.chromium.org/2053343003"}, {"name": "GLSA-201610-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201610-09"}, {"name": "RHSA-2016:1905", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2016-5174", "datePublished": "2016-09-25T20:00:00", "dateReserved": "2016-05-31T00:00:00", "dateUpdated": "2024-08-06T00:53:48.271Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC271026-1CD7-42F7-8754-1C5144AD590B", "versionEndIncluding": "53.0.2785.101", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site."}, {"lang": "es", "value": "browser/ui/cocoa/browser_wendow_controller_private.mm en Google Chrome en versiones anteriores a 53.0.2785.113 no procesa peticiones de conmutaci\u00f3n a pantalla completa durante una transici\u00f3n a pantalla completa, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (venta emergente no suprimida) a trav\u00e9s de un sitio web manipulado."}], "id": "CVE-2016-5174", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-25T20:59:07.060", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2016/dsa-3667"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/92942"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1036826"}, {"source": "chrome-cve-admin@google.com", "url": "https://codereview.chromium.org/2053343003"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/579934"}, {"source": "chrome-cve-admin@google.com", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201610-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.chromium.org/2053343003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/579934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201610-09"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}