VYPR

Chrome

by Google

Source repositories

CVEs (5,320)

  • CVE-2015-6758Oct 15, 2015
    risk 0.00cvss epss 0.01

    The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have…

  • CVE-2015-6757Oct 15, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object…

  • CVE-2015-6756Oct 15, 2015
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by…

  • CVE-2015-6755Oct 15, 2015
    risk 0.00cvss epss 0.02

    The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass…

  • CVE-2015-1304Oct 12, 2015
    risk 0.00cvss epss 0.02

    object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

  • CVE-2015-1303Oct 12, 2015
    risk 0.00cvss epss 0.02

    bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document…

  • CVE-2015-6583Sep 3, 2015
    risk 0.00cvss epss 0.01

    Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and…

  • CVE-2015-6582Sep 3, 2015
    risk 0.00cvss epss 0.01

    The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and…

  • CVE-2015-6581Sep 3, 2015
    risk 0.00cvss epss 0.03

    Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by…

  • CVE-2015-6580Sep 3, 2015
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-1301Sep 3, 2015
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-1300Sep 3, 2015
    risk 0.00cvss epss 0.02

    The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to…

  • CVE-2015-1299Sep 3, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to…

  • CVE-2015-1298Sep 3, 2015
    risk 0.00cvss epss 0.01

    The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to…

  • CVE-2015-1297Sep 3, 2015
    risk 0.00cvss epss 0.02

    The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a…

  • CVE-2015-1296Sep 3, 2015
    risk 0.00cvss epss 0.01

    The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these…

  • CVE-2015-1295Sep 3, 2015
    risk 0.00cvss epss 0.02

    Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by…

  • CVE-2015-1294Sep 3, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix…

  • CVE-2015-1293Sep 3, 2015
    risk 0.00cvss epss 0.02

    The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2015-1292Sep 3, 2015
    risk 0.00cvss epss 0.02

    The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

Page 212 of 266