Search
Total
3051 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5189 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |||||
| CVE-2016-5188 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | |||||
| CVE-2016-5187 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |||||
| CVE-2016-5186 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 5.3 MEDIUM |
| Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. | |||||
| CVE-2016-5185 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | |||||
| CVE-2016-5184 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. | |||||
| CVE-2016-5183 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. | |||||
| CVE-2016-5182 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. | |||||
| CVE-2016-5181 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | |||||
| CVE-2016-5176 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | |||||
| CVE-2016-5175 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-5174 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. | |||||
| CVE-2016-5173 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 7.1 HIGH |
| The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. | |||||
| CVE-2016-5172 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. | |||||
| CVE-2016-5171 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2016-5170 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. | |||||
| CVE-2016-5223 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. | |||||
| CVE-2016-5222 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2016-5221 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 6.3 MEDIUM |
| Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. | |||||
| CVE-2016-5220 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. | |||||
| CVE-2016-5217 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2016-5213 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2016-5214 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. | |||||
| CVE-2016-5215 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 6.3 MEDIUM |
| A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2016-5216 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 6.3 MEDIUM |
| A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | |||||
| CVE-2016-5219 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 6.3 MEDIUM |
| A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2013-6629 | 3 Artifex, Google, Oracle | 3 Gpl Ghostscript, Chrome, Solaris | 2018-01-05 | 5.0 MEDIUM | N/A |
| The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | |||||
| CVE-2015-1302 | 1 Google | 1 Chrome | 2018-01-05 | 7.5 HIGH | N/A |
| The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. | |||||
| CVE-2014-1681 | 1 Google | 1 Chrome | 2018-01-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting." | |||||
| CVE-2017-5115 | 2 Google, Microsoft | 2 Chrome, Windows | 2017-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | |||||
| CVE-2017-5112 | 2 Google, Microsoft | 2 Chrome, Windows | 2017-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2017-5117 | 4 Debian, Google, Linux and 1 more | 4 Debian Linux, Chrome, Linux Kernel and 1 more | 2017-12-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2017-5119 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-12-31 | 4.3 MEDIUM | 4.3 MEDIUM |
| Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2011-3094 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2014-3155 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. | |||||
| CVE-2014-3152 | 2 Fedoraproject, Google | 3 Fedora, Chrome, V8 | 2017-12-29 | 7.5 HIGH | N/A |
| Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. | |||||
| CVE-2014-3154 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown. | |||||
| CVE-2011-3085 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values. | |||||
| CVE-2011-3086 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element. | |||||
| CVE-2011-3087 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-3088 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3089 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables. | |||||
| CVE-2011-3090 | 1 Google | 1 Chrome | 2017-12-29 | 7.6 HIGH | N/A |
| Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes. | |||||
| CVE-2011-3091 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3092 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3093 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3096 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2017-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox. | |||||
| CVE-2011-3095 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | |||||
| CVE-2014-1743 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation. | |||||
| CVE-2014-1744 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation. | |||||