VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2016-1637MedMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.

  • CVE-2016-1636CriMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subre

  • CVE-2016-1635CriMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or po

  • CVE-2016-1634HigMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other imp

  • CVE-2016-1633CriMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-1632HigMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h a

  • CVE-2016-1631HigMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted w

  • CVE-2016-1630HigMar 6, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1629CriFeb 21, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

  • CVE-2016-1627HigFeb 14, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restric

  • CVE-2016-1626MedFeb 14, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

  • CVE-2016-1625MedFeb 14, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_servi

  • CVE-2016-1624HigFeb 14, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compre

  • CVE-2016-1623HigFeb 14, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cp

  • CVE-2016-1622HigFeb 14, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

  • CVE-2016-1620HigJan 25, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1619HigJan 25, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecifi

  • CVE-2016-1618MedJan 25, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

  • CVE-2016-1617MedJan 25, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, w

  • CVE-2016-1616MedJan 25, 2016
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

Page 176 of 203