Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

11 matches found

CVE•added 2016/01/25 11:59 a.m.•93 views

CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a...

7.6CVSS7.9AI score0.00483EPSS

CVE•added 2016/01/25 11:59 a.m.•90 views

CVE-2016-1612

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via ...

7.6CVSS8.4AI score0.01029EPSS

CVE•added 2016/01/25 11:59 a.m.•90 views

CVE-2016-1614

The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafte...

4.3CVSS5.5AI score0.00794EPSS

CVE•added 2016/01/25 11:59 a.m.•83 views

CVE-2016-1618

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

6.5CVSS7.2AI score0.00913EPSS

CVE•added 2016/01/25 11:59 a.m.•80 views

CVE-2016-1613

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction...

7.6CVSS8.5AI score0.0087EPSS

CVE•added 2016/01/25 11:59 a.m.•80 views

CVE-2016-1615

The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.

6.5CVSS7AI score0.00755EPSS

CVE•added 2016/01/25 11:59 a.m.•80 views

CVE-2016-1617

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easie...

4.3CVSS5.7AI score0.00635EPSS

CVE•added 2016/01/25 11:59 a.m.•77 views

CVE-2016-1620

Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

9.3CVSS9.2AI score0.01055EPSS

CVE•added 2016/01/25 11:59 a.m.•65 views

CVE-2016-1616

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

4.3CVSS5.6AI score0.0118EPSS

CVE•added 2016/01/25 11:59 a.m.•59 views

CVE-2016-1619

Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via...

7.6CVSS8.3AI score0.00799EPSS

CVE•added 2016/01/25 11:59 a.m.•56 views

CVE-2016-2051

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

9.8CVSS9.5AI score0.003EPSS