VYPR

Vendor CVEs

Google

All CVEs

11,415 total · sorted by risk
  • CVE-2017-5101MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

  • CVE-2017-5094MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.02

    Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.

  • CVE-2017-5093MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

  • CVE-2017-5090MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.00

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012.

  • CVE-2017-5089MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

  • CVE-2017-5086MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5076MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5072MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page.

  • CVE-2017-5067MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-5066MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML…

  • CVE-2017-5060MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2015-1239MedOct 18, 2017
    risk 0.42cvss 6.5epss 0.01

    Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

  • CVE-2017-0783MedSep 14, 2017
    risk 0.42cvss 6.5epss 0.00

    A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.

  • CVE-2017-0792MedSep 8, 2017
    risk 0.42cvss 6.5epss 0.00

    A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.

  • CVE-2017-3750MedJun 29, 2017
    risk 0.42cvss 6.4epss 0.00

    On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.

  • CVE-2017-3749MedJun 29, 2017
    risk 0.42cvss 6.4epss 0.00

    On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.

  • CVE-2015-3830MedJun 6, 2017
    risk 0.42cvss 6.5epss 0.00

    The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.

  • CVE-2015-1207MedJun 6, 2017
    risk 0.42cvss 6.5epss 0.01

    Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

  • CVE-2013-6662MedApr 13, 2017
    risk 0.42cvss 6.5epss 0.00

    Google Chrome caches TLS sessions before certificate validation occurs.

  • CVE-2017-5016MedFeb 17, 2017
    risk 0.42cvss 6.5epss 0.01

    Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a…

  • CVE-2017-5015MedFeb 17, 2017
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5013MedFeb 17, 2017
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-5011MedFeb 17, 2017
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.

  • CVE-2016-5223MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.

  • CVE-2016-5222MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2016-5220MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.

  • CVE-2016-5218MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page…

  • CVE-2016-5217MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2016-5212MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.

  • CVE-2016-5201MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.

  • CVE-2016-5192MedDec 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.

  • CVE-2016-5189MedDec 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

  • CVE-2016-5187MedDec 18, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

  • CVE-2016-5348MedOct 10, 2016
    risk 0.42cvss 5.9epss 0.04

    The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or…

  • CVE-2016-3882MedOct 10, 2016
    risk 0.42cvss 6.5epss 0.00

    Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka…

  • CVE-2016-5176MedSep 29, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.

  • CVE-2016-5174MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.01

    browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.

  • CVE-2016-5172MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.02

    The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

  • CVE-2016-5162MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on…

  • CVE-2016-5160MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on…

  • CVE-2016-5155MedSep 11, 2016
    risk 0.42cvss 6.5epss 0.01

    Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2016-5135MedJul 23, 2016
    risk 0.42cvss 6.5epss 0.02

    WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP)…

  • CVE-2016-5130MedJul 23, 2016
    risk 0.42cvss 6.5epss 0.01

    content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.

  • CVE-2016-1707MedJul 23, 2016
    risk 0.42cvss 6.5epss 0.01

    ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.

  • CVE-2016-1702MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

  • CVE-2016-1699MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows…

  • CVE-2016-1698MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned…

  • CVE-2016-1689MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

  • CVE-2016-1688MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.02

    The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

  • CVE-2016-1687MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.01

    The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

Page 136 of 229