VYPR

rpm package

suse/chromium&distro=SUSE Package Hub 12

pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012

Vulnerabilities (132)

  • CVE-2016-5151HigSep 11, 2016
    affected < 53.0.2785.89-96.1fixed 53.0.2785.89-96.1

    PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk

  • CVE-2016-5150HigSep 11, 2016
    affected < 53.0.2785.89-96.1fixed 53.0.2785.89-96.1

    WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, w

  • CVE-2016-5149HigSep 11, 2016
    affected < 53.0.2785.89-96.1fixed 53.0.2785.89-96.1

    The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging scrip

  • CVE-2016-5148MedSep 11, 2016
    affected < 53.0.2785.89-96.1fixed 53.0.2785.89-96.1

    Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."

  • CVE-2016-5147MedSep 11, 2016
    affected < 53.0.2785.89-96.1fixed 53.0.2785.89-96.1

    Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

  • CVE-2016-5146CriAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-5145HigAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaSc

  • CVE-2016-5144CriAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL

  • CVE-2016-5143CriAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL

  • CVE-2016-5142CriAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted

  • CVE-2016-5141HigAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.

  • CVE-2016-5140CriAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.

  • CVE-2016-5139HigAug 7, 2016
    affected < 52.0.2743.116-92.1fixed 52.0.2743.116-92.1

    Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG

  • CVE-2016-5137MedJul 23, 2016
    affected < 52.0.2743.82-89.1fixed 52.0.2743.82-89.1

    The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies t

  • CVE-2016-5136HigJul 23, 2016
    affected < 52.0.2743.82-89.1fixed 52.0.2743.82-89.1

    Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.

  • CVE-2016-5135MedJul 23, 2016
    affected < 52.0.2743.82-89.1fixed 52.0.2743.82-89.1

    WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP)

  • CVE-2016-5134HigJul 23, 2016
    affected < 52.0.2743.82-89.1fixed 52.0.2743.82-89.1

    net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a

  • CVE-2016-5133MedJul 23, 2016
    affected < 52.0.2743.82-89.1fixed 52.0.2743.82-89.1

    Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.

  • CVE-2016-5132HigJul 23, 2016
    affected < 52.0.2743.82-89.1fixed 52.0.2743.82-89.1

    The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside

  • CVE-2016-5131HigJul 23, 2016
    affected < 52.0.2743.82-89.1fixed 52.0.2743.82-89.1

    Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Page 6 of 7