154 matches found
CVE-2017-5128
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL...
Google Chrome Full Screen Warning Vulnerability
Google Chrome for Linux, Windows, Mac and Android is a web browser based on Linux, Windows, Mac and Android platforms developed by Google, Inc.Blink is a set of browser layout engine rendering engine developed by Google, Inc. and Opera Software, Inc. Blink is a set of browser layout engine...
UBUNTU-CVE-2017-5093
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page...
UBUNTU-CVE-2017-5075
Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...
chromium-browser: uxss with mhtml
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...
Google Chrome Blink Generic Cross-Site Scripting Vulnerability (CNVD-2017-02111)
Google Chrome is a popular web browser. A generic cross-site scripting vulnerability exists in Google Chrome Blink, which allows remote attackers to exploit the vulnerability to build malicious WEB pages that can be parsed by a user and can be used to execute arbitrary code...
CVE-2017-5006
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2016-9650
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page...
CVE-2016-5205
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
chromium-browser: limited xss in blink
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar...
Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-12105)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A cross-site scripting vulnerability exists in Blink in versions of Google Chrome prior to 55.0.2883.75. An attacker can exploit...
Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-12101)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A cross-site scripting vulnerability exists in Blink in versions of Google Chrome prior to 55.0.2883.75. An attacker can exploit...
Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-12103)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A cross-site scripting vulnerability exists in Blink in versions of Google Chrome prior to 55.0.2883.75. An attacker can exploit...
Google Chrome Blink Memory Misreference Vulnerability (CNVD-2016-07805)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A memory misreference vulnerability exists in Blink in versions of Google Chrome prior to 53.0.2785.113. An attacker could explo...
Google Chrome Blink Memory Misreference Vulnerability (CNVD-2016-07804)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A memory misreference vulnerability exists in Blink in versions of Google Chrome prior to 53.0.2785.113. An attacker could explo...
CVE-2016-5147
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS UXSS."...
Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-07201)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A cross-site scripting vulnerability exists in Blink in versions of Google Chrome prior to 53.0.2785.89. An attacker can exploit...
Google Chrome Blink Arbitrary Code Execution Vulnerability (CNVD-2016-07198)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. An arbitrary code execution vulnerability exists in Blink in versions of Google Chrome prior to 53.0.2785.89. An attacker could...
Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-07202)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A cross-site scripting vulnerability exists in Blink in versions of Google Chrome prior to 53.0.2785.89. An attacker could use...
UBUNTU-CVE-2016-5148
Cross-site scripting XSS vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS UXSS."...