VYPR

Chrome

by Google

CVEs (5,373)

  • CVE-2016-9650 | Med | Jan 19, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.

  • CVE-2016-5225 | Med | Jan 19, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.

  • CVE-2016-5224 | Med | Jan 19, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

  • CVE-2016-5214 | Med | Jan 19, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.

  • CVE-2016-5193 | Med | Dec 18, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.

  • CVE-2016-5188 | Med | Dec 18, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.

  • CVE-2016-5163 | Med | Sep 11, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode…

  • CVE-2016-5137 | Med | Jul 23, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies…

  • CVE-2016-1664 | Med | May 14, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar…

  • CVE-2016-1658 | Med | Apr 18, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.

  • CVE-2016-1657 | Med | Apr 18, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.

  • CVE-2016-1640 | Med | Mar 6, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request…

  • CVE-2016-1626 | Med | Feb 14, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

  • CVE-2016-1625 | Med | Feb 14, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to…

  • CVE-2016-1617 | Med | Jan 25, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs,…

  • CVE-2016-1616 | Med | Jan 25, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

  • CVE-2016-1614 | Med | Jan 25, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process…

  • CVE-2026-9986 | Med | May 28, 2026
    risk 0.27 | cvss 4.2 | epss 0.00

    Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9110 | Med | May 20, 2026
    risk 0.27 | cvss 4.2 | epss 0.00

    Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-8584 | Med | May 14, 2026
    risk 0.27 | cvss 4.2 | epss 0.00

    Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Page 174 of 269