Chrome@54.0.2840.99 Security Vulnerabilities and Issues — Chrome@54.0.2840.99 CVE List

Lucene search

GoogleChrome54.0.2840.99

25 matches found

CVE•added 2017/01/19 5:59 a.m.•91 views

CVE-2016-5204

Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

6.1CVSS6.8AI score0.003EPSS

CVE•added 2017/01/19 5:59 a.m.•90 views

CVE-2016-5203

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.8AI score0.00543EPSS

CVE•added 2017/01/19 5:59 a.m.•85 views

CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

6.1CVSS6.7AI score0.00247EPSS

CVE•added 2017/01/19 5:59 a.m.•84 views

CVE-2016-5217

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.

6.5CVSS6.5AI score0.00224EPSS

CVE•added 2017/01/19 5:59 a.m.•83 views

CVE-2016-5210

Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.9AI score0.00821EPSS

CVE•added 2017/01/19 5:59 a.m.•83 views

CVE-2016-5211

8.8CVSS8.8AI score0.00543EPSS

CVE•added 2017/01/19 5:59 a.m.•82 views

CVE-2016-5220

PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.

6.5CVSS6.5AI score0.00374EPSS

CVE•added 2017/01/19 5:59 a.m.•81 views

CVE-2016-5207

In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.

6.1CVSS7.4AI score0.00216EPSS

CVE•added 2017/01/19 5:59 a.m.•80 views

CVE-2016-5222

Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.4AI score0.00356EPSS

CVE•added 2017/01/19 5:59 a.m.•80 views

CVE-2016-5224

A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

4.3CVSS5.1AI score0.00231EPSS

CVE•added 2017/01/19 5:59 a.m.•78 views

CVE-2016-5205

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

6.1CVSS6.7AI score0.00247EPSS

CVE•added 2017/01/19 5:59 a.m.•78 views

CVE-2016-9650

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.

4.3CVSS5.1AI score0.00231EPSS

CVE•added 2017/01/19 5:59 a.m.•76 views

CVE-2016-5215

A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.9AI score0.00492EPSS

CVE•added 2017/01/19 5:59 a.m.•76 views

CVE-2016-5221

Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.

6.8CVSS6.6AI score0.00303EPSS

CVE•added 2017/01/19 5:59 a.m.•76 views

CVE-2016-5225

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.

4.3CVSS5.1AI score0.00231EPSS

CVE•added 2017/01/19 5:59 a.m.•76 views

CVE-2016-5226

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.

6.1CVSS6.7AI score0.00163EPSS

CVE•added 2017/01/19 5:59 a.m.•75 views

CVE-2016-5212

Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.

6.5CVSS6.5AI score0.00374EPSS

CVE•added 2017/01/19 5:59 a.m.•75 views

CVE-2016-5216

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

6.8CVSS6.9AI score0.00492EPSS

CVE•added 2017/01/19 5:59 a.m.•75 views

CVE-2016-5219

A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.8CVSS7.2AI score0.00534EPSS

CVE•added 2017/01/19 5:59 a.m.•74 views

CVE-2016-5214

Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.

4.3CVSS5.5AI score0.00328EPSS

CVE•added 2017/01/19 5:59 a.m.•71 views

CVE-2016-5213

A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00512EPSS

CVE•added 2017/01/19 5:59 a.m.•69 views

CVE-2016-5218

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.

6.5CVSS6.4AI score0.00356EPSS

CVE•added 2017/01/19 5:59 a.m.•69 views

CVE-2016-5223

Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.

6.5CVSS7.3AI score0.00481EPSS

CVE•added 2017/01/19 5:59 a.m.•66 views

CVE-2016-5206

The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

8.8CVSS8AI score0.00299EPSS

CVE•added 2017/01/19 5:59 a.m.•64 views

CVE-2016-5209

Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00543EPSS