VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2016-1697HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via

  • CVE-2016-1696HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1695HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1694MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

  • CVE-2016-1693MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack

  • CVE-2016-1692MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same

  • CVE-2016-1691HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommo

  • CVE-2016-1690HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other imp

  • CVE-2016-1689MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

  • CVE-2016-1688MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

  • CVE-2016-1687MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

  • CVE-2016-1686MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via

  • CVE-2016-1685MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

  • CVE-2016-1684HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via

  • CVE-2016-1683HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

  • CVE-2016-1682MedJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a

  • CVE-2016-1681HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2016-1680HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-1679HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecifi

  • CVE-2016-1678HigJun 5, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted Ja

Page 173 of 203