Chrome@57.0.2987.75 Security Vulnerabilities and Issues — Chrome@57.0.2987.75 CVE List

Lucene search

GoogleChrome57.0.2987.75

21 matches found

CVE•added 2017/04/24 11:59 p.m.•186 views

CVE-2017-5029

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bou...

8.8CVSS7.6AI score0.01633EPSS

CVE•added 2017/04/24 11:59 p.m.•101 views

CVE-2017-5033

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keywor...

4.3CVSS4.8AI score0.00606EPSS

CVE•added 2017/04/24 11:59 p.m.•98 views

CVE-2017-5045

XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.

6.1CVSS4.7AI score0.00854EPSS

CVE•added 2017/04/24 11:59 p.m.•94 views

CVE-2017-5046

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.

4.3CVSS4.5AI score0.01156EPSS

CVE•added 2017/04/24 11:59 p.m.•92 views

CVE-2017-5031

A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.2AI score0.00878EPSS

CVE•added 2017/04/24 11:59 p.m.•92 views

CVE-2017-5037

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

7.8CVSS7.6AI score0.00279EPSS

CVE•added 2017/04/24 11:59 p.m.•91 views

CVE-2017-5040

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

4.3CVSS4.8AI score0.03922EPSS

CVE•added 2017/04/24 11:59 p.m.•90 views

CVE-2017-5044

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.6AI score0.01013EPSS

CVE•added 2017/04/24 11:59 p.m.•87 views

CVE-2017-5035

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

8.1CVSS7.7AI score0.00435EPSS

CVE•added 2017/04/24 11:59 p.m.•87 views

CVE-2017-5043

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

8.8CVSS8.2AI score0.01098EPSS

CVE•added 2017/04/24 11:59 p.m.•86 views

CVE-2017-5038

6.8CVSS6.7AI score0.00942EPSS

CVE•added 2017/04/24 11:59 p.m.•81 views

CVE-2017-5036

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

7.8CVSS7.5AI score0.00279EPSS

CVE•added 2017/04/24 11:59 p.m.•81 views

CVE-2017-5039

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

7.8CVSS7.8AI score0.00279EPSS

CVE•added 2017/04/24 11:59 p.m.•81 views

CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

5.7CVSS6AI score0.00044EPSS

CVE•added 2017/04/24 11:59 p.m.•73 views

CVE-2017-5034

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8.2AI score0.00911EPSS

CVE•added 2017/04/24 11:59 p.m.•70 views

CVE-2017-5032

PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.4AI score0.00911EPSS

CVE•added 2017/04/25 3:59 a.m.•70 views

CVE-2017-5047

8.8CVSS8.1AI score0.0031EPSS

CVE•added 2017/04/25 3:59 a.m.•59 views

CVE-2017-5048

8.8CVSS8.1AI score0.0031EPSS

CVE•added 2017/04/25 3:59 a.m.•58 views

CVE-2017-5051

8.8CVSS8.1AI score0.0031EPSS

CVE•added 2017/04/25 3:59 a.m.•52 views

CVE-2017-5050