High severity8.8NVD Advisory· Published Sep 25, 2016· Updated May 6, 2026
CVE-2016-5170
CVE-2016-5170
Description
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- rhn.redhat.com/errata/RHSA-2016-1905.htmlnvd
- www.debian.org/security/2016/dsa-3667nvd
- www.securityfocus.com/bid/92942nvd
- www.securitytracker.com/id/1036826nvd
- codereview.chromium.org/2332003002nvd
- crbug.com/641101nvd
- googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.htmlnvd
- security.gentoo.org/glsa/201610-09nvd
News mentions
0No linked articles in our index yet.