VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2017-5011MedFeb 17, 2017
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.

  • CVE-2016-5223MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.

  • CVE-2016-5222MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2016-5220MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.

  • CVE-2016-5218MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page…

  • CVE-2016-5217MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2016-5212MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.

  • CVE-2016-5201MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.

  • CVE-2016-5192MedDec 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.

  • CVE-2016-5189MedDec 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

  • CVE-2016-5187MedDec 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

  • CVE-2016-5176MedSep 29, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.

  • CVE-2016-5174MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.01

    browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.

  • CVE-2016-5172MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.02

    The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

  • CVE-2016-5162MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on…

  • CVE-2016-5160MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on…

  • CVE-2016-5155MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2016-5135MedJul 23, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP)…

  • CVE-2016-5130MedJul 23, 2016
    risk 0.42cvss 6.5epss 0.01

    content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.

  • CVE-2016-1707MedJul 23, 2016
    risk 0.42cvss 6.5epss 0.01

    ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.

Page 144 of 269