HighCISA KEVExploited in the wildPublic exploit

Type confusion in V8 in Google Chrome

IdentifiersCVE-2016-5198CWE-843

CVE-2016-5198 is a V8 engine vulnerability in Google Chrome caused by incorrect optimisation assumptions. In affected Chrome versions prior to 54.0.2840.90 on Linux, 54.0.2840.85 on Android, and 54.0.2840.87 on Windows and macOS, a remote attacker could trigger unsafe V8 behavior via crafted HTML/JavaScript, resulting in arbitrary read and write primitives in the renderer process. Those memory corruption primitives could then be used to achieve code execution. The issue was exploitable through a malicious web page and was used as part of Android exploitation frameworks such as MOONSHINE to target vulnerable Chromium-based browsers.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a remote attacker to obtain arbitrary memory read/write within the vulnerable browser context and leverage that to execute code. In practical attack chains, this can result in full compromise of the browser process, delivery of additional payloads, spyware installation, and theft of user data accessible from the compromised application context. On Android, the vulnerability was used in one-click mobile exploitation chains against vulnerable Chromium-based browser components.

Mitigation

If you can’t patch tonight, do this now.

Until patching is complete, reduce exposure by restricting use of outdated Chrome/Chromium versions, limiting access to untrusted links and web content, and disabling or isolating vulnerable embedded browser components where feasible. On managed mobile fleets, enforce browser and app version compliance, block known-malicious URLs, and use application control or MDM policies to prevent downgrade or replacement of embedded browser components. These measures are only temporary and do not eliminate the underlying vulnerability.

Remediation

Patch, then assume compromise.

Upgrade Google Chrome and Chromium-based applications embedding the affected engine to fixed versions or later: 54.0.2840.90 for Linux, 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and macOS. Because this bug affects the V8 engine, remediation also requires updating any downstream browsers or applications that bundle vulnerable Chromium components rather than relying only on OS updates. Verify that embedded browser runtimes in mobile apps are also updated.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GoogleChromeapplication

Red HatEnterprise Linux Desktopoperating_system

Red HatEnterprise Linux Serveroperating_system

Red HatEnterprise Linux Workstationoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

citizenlabNews

Dec 10, 2025

Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits - The Citizen Lab

A Google Chrome vulnerability used as Exploit #2 in the MOONSHINE Android exploit kit.

trend micro researchNews

Dec 5, 2024

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro (UK)

A Chromium vulnerability targeted by the MOONSHINE exploit kit against Android apps embedding vulnerable Chrome 50.

citizenlabNews

Sep 24, 2019

Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits

A Google Chrome vulnerability leveraged by MOONSHINE to compromise Android devices running affected Chrome versions.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence3

Every observed campaign linking this CVE to a named adversary.

Associated malware5

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2016-5198

NVD

nvd.nist.gov/vuln/detail/CVE-2016-5198

MITRE CWE · CWE-843

cwe.mitre.org

Vendor Advisory

chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html

Third Party Advisory

rhn.redhat.com/errata/RHSA-2016-2672.html

Exploit

crbug.com/659475

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5198