Chrome@48.0.2564.116 Security Vulnerabilities and Issues — Chrome@48.0.2564.116 CVE List

Lucene search

GoogleChrome48.0.2564.116

16 matches found

CVE•added 2016/03/06 2:59 a.m.•79 views

CVE-2016-1632

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.

8.8CVSS8.7AI score0.01206EPSS

CVE•added 2016/03/06 2:59 a.m.•75 views

CVE-2016-1631

The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

8.8CVSS8.5AI score0.0097EPSS

CVE•added 2016/03/06 2:59 a.m.•73 views

CVE-2016-1636

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (a...

9.8CVSS8.7AI score0.01448EPSS

CVE•added 2016/03/06 2:59 a.m.•72 views

CVE-2016-1630

The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site.

8.8CVSS8.4AI score0.0097EPSS

CVE•added 2016/03/06 2:59 a.m.•69 views

CVE-2016-1633

Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

10CVSS9.2AI score0.05377EPSS

CVE•added 2016/03/06 2:59 a.m.•68 views

CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the use...

4.3CVSS5.7AI score0.00764EPSS

CVE•added 2016/03/06 2:59 a.m.•65 views

CVE-2016-1635

extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspeci...

10CVSS9.2AI score0.05377EPSS

CVE•added 2016/03/06 2:59 a.m.•65 views

CVE-2016-1637

The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.9AI score0.01052EPSS

CVE•added 2016/03/06 2:59 a.m.•65 views

CVE-2016-1638

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.

6.8CVSS7AI score0.00765EPSS

CVE•added 2016/03/06 2:59 a.m.•64 views

CVE-2016-1641

Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonst...

9.3CVSS9.2AI score0.01674EPSS

CVE•added 2016/03/06 2:59 a.m.•64 views

CVE-2016-1642

Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10CVSS9.2AI score0.01749EPSS

CVE•added 2016/03/06 2:59 a.m.•63 views

CVE-2016-1634

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted w...

9.3CVSS9.1AI score0.01881EPSS

CVE•added 2016/03/06 2:59 a.m.•60 views

CVE-2016-1639

Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging in...

10CVSS9.2AI score0.05501EPSS

CVE•added 2016/03/06 2:59 a.m.•60 views

CVE-2016-2843

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10CVSS9.5AI score0.00889EPSS

CVE•added 2016/03/06 2:59 a.m.•55 views

CVE-2016-2844

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other...

9.3CVSS9.2AI score0.01912EPSS

CVE•added 2016/03/06 2:59 a.m.•46 views

CVE-2016-2845

The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...

5.3CVSS6.3AI score0.00215EPSS