2043 matches found
CVE-2016-5186
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files...
CVE-2016-5186
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files...
Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3058-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3058-1 advisory. An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to...
openSUSE Security Update : Chromium (openSUSE-2016-1080)
Chromium was updated to 53.0.2785.101 to fix a number of security issues and bugs. The following vulnerabilities were fixed: boo996648 - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free...
USN-3058-1 oxide-qt vulnerabilities
An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. CVE-2016-5141 A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked in to...
chromium-browser: universal xss using devtools
Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...
chromium-browser: script injection in devtools
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
CVE-2016-5165
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
CVE-2016-5165
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
CVE-2016-5164
Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...
CVE-2016-5165
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
CVE-2016-5164
Chromium/Chrome vulnerability CVE-2016-5164 is a cross-site scripting (UXSS) issue in Blink’s DevTools component (WebKit/Blink) via V8Debugger.cpp. A crafted web site can inject arbitrary script/HTML into DevTools, as described in the CVE entry. Affected versions include Chrome up to 53.0.2785.89...
CVE-2016-5165
CVE-2016-5165 is a Cross-site Scripting vulnerability in Google Chrome’s DevTools (DevTools subsystem) allowing remote attackers to inject arbitrary web script or HTML via the settings parameter of a chrome-devtools-frontend.appspot.com URL query string. Affected: Google Chrome on Windows, macOS ...
CVE-2016-5165
Removed by vendor...
UBUNTU-CVE-2016-5165
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
CVE-2016-5165
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
UBUNTU-CVE-2016-5164
Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...
Google Chrome < 53.0.2785.89 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 53.0.2785.89. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop31 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser-stable 52.0.2743.116 fixes security issues: two heap overflow issues in pdfium CVE-2016-5139 and CVE-2016-5140; an address bar spoofing problem CVE-2016-5141; a use-after-free bug CVE-2016-5142 and a same origin bypass problem CVE-2016-5145 in blink; two parameter sanitization...
chromium-browser: Parameter sanitization failure in DevTools
The Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...