Critical severity9.8NVD Advisory· Published Aug 7, 2016· Updated May 6, 2026

CVE-2016-5142

Description

The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.htmlnvd
rhn.redhat.com/errata/RHSA-2016-1580.htmlnvd
www.debian.org/security/2016/dsa-3645nvd
www.securityfocus.com/bid/92276nvd
www.securitytracker.com/id/1036547nvd
codereview.chromium.org/2141843002/nvd
crbug.com/626948nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/nvd
security.gentoo.org/glsa/201610-09nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000