VYPR

Vendor CVEs

Google

All CVEs

11,329 total · sorted by risk
  • CVE-2017-5032HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5031HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5029HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.02

    The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to…

  • CVE-2016-2433HigApr 21, 2017
    risk 0.57cvss 8.8epss 0.01

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.

  • CVE-2017-5012HigFeb 17, 2017
    risk 0.57cvss 8.8epss 0.02

    A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5009HigFeb 17, 2017
    risk 0.57cvss 8.8epss 0.01

    WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-5213HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-5211HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2016-5210HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2016-5209HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-5206HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

  • CVE-2016-5203HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2016-5200HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.02

    V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2016-5199HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a…

  • CVE-2016-5197HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.

  • CVE-2016-5196HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged…

  • CVE-2016-5185HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

  • CVE-2016-5184HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.

  • CVE-2016-5183HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.

  • CVE-2016-5182HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.

  • CVE-2016-7549HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified…

  • CVE-2016-5175HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-5171HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted…

  • CVE-2016-5170HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly…

  • CVE-2016-5169HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-7395HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and…

  • CVE-2016-5167HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-5161HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of…

  • CVE-2016-5159HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.02

    Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…

  • CVE-2016-5158HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.02

    Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or…

  • CVE-2016-5156HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of…

  • CVE-2016-5154HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.

  • CVE-2016-5153HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have…

  • CVE-2016-5152HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.02

    Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or…

  • CVE-2016-5151HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to…

  • CVE-2016-5150HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation,…

  • CVE-2016-5149HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.01

    The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging…

  • CVE-2016-5145HigAug 7, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted…

  • CVE-2016-5138HigAug 1, 2016
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.

  • CVE-2016-5136HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.

  • CVE-2016-5134HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.02

    net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a…

  • CVE-2016-5132HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element…

  • CVE-2016-5131HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

  • CVE-2016-5129HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.02

    Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.

  • CVE-2016-5128HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1711HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1710HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-1708HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or…

  • CVE-2016-1705HigJul 23, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1704HigJul 3, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Page 18 of 227