VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2016-5183HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.

  • CVE-2016-5182HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.

  • CVE-2016-7549HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified…

  • CVE-2016-5175HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-5171HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted…

  • CVE-2016-5170HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly…

  • CVE-2016-5169HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-7395HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and…

  • CVE-2016-5167HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-5161HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of…

  • CVE-2016-5159HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.02

    Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…

  • CVE-2016-5158HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.02

    Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or…

  • CVE-2016-5156HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of…

  • CVE-2016-5154HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.

  • CVE-2016-5153HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have…

  • CVE-2016-5152HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.02

    Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or…

  • CVE-2016-5151HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to…

  • CVE-2016-5150HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation,…

  • CVE-2016-5149HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging…

  • CVE-2016-5145HigAug 7, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted…

Page 88 of 271