View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-5191 medium priority: Ubuntu including 2 source packages (chromium-browser, oxide-qt), 12 status rows across 6 suites (precise, trusty, upstream, xenial, yakkety, zesty): released 5, not-affected 4, DNE 2, ignored 1.
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:[email protected] URL.