198 matches found
CVE-2016-1648
Removed by vendor...
CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...
CVE-2016-1632
Removed by vendor...
Code injection
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...
CVE-2016-1612
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...
CVE-2016-1612
Removed by vendor...
CVE-2016-1612
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...
CVE-2015-7220
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code...
CVE-2015-7220
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code...
CVE-2015-6772
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin...
CVE-2015-6771
js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified other impact via crafted JavaScript code...
Out-of-bounds
js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified other impact via crafted JavaScript code...
CVE-2015-6774
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimesextensionbindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that...
Out-of-bounds
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have...
Design/Logic Flaw
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimesextensionbindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that...
CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have...
CVE-2015-6772
Removed by vendor...
CVE-2015-6774
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimesextensionbindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that...
CVE-2015-6764
CVE-2015-6764 is an out-of-bounds read in Google V8’s BasicJsonStringifier::SerializeJSArray used by Chrome up to version 47.0.2526.73. The issue allows remote denial-of-service or other impact via crafted JavaScript; Debian advisory confirms the flaw and provides fixed package version 47.0.2526....
CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have...