UBUNTU-CVE-2018-6066

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

The vulnerability of Google Chrome browser allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The use of V8 bindings after release in Blink allows remote attackers to trigger service failures or otherwise affect the system by using operations on the HashMap instead of set HashMap. This vulnerability is related to the files bindings/core/v8/DOMWrapperMap.h and...

UBUNTU-CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...

chromium-browser: Uninitialized value in blink

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...