CVE-2016-5215

Publication date 6 December 2016

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	17.04 zesty	Fixed 55.0.2883.87-0ubuntu1
	16.10 yakkety	Fixed 55.0.2883.87-0ubuntu0.16.10.1328
	16.04 LTS xenial	Fixed 55.0.2883.87-0ubuntu0.16.04.1263
	14.04 LTS trusty	Fixed 58.0.3029.81-0ubuntu0.14.04.1172
	12.04 LTS precise	Ignored
oxide-qt	17.04 zesty	Fixed 1.19.6-0ubuntu2
	16.10 yakkety	Fixed 1.19.4-0ubuntu0.16.10.1
	16.04 LTS xenial	Fixed 1.19.4-0ubuntu0.16.04.1
	14.04 LTS trusty	Fixed 1.19.4-0ubuntu0.14.04.1
	12.04 LTS precise	Not in release

Severity score breakdown

Parameter	Value
Base score	6.3 · Medium
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	Low
Integrity impact	Low
Availability impact	Low
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

Related Ubuntu Security Notices (USN)

USN-3153-1
Oxide vulnerabilities
9 December 2016