Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

9 matches found

CVE•added 2016/08/07 7:59 p.m.•150 views

CVE-2016-5139

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.

7.6CVSS7.3AI score0.01429EPSS

CVE•added 2016/08/07 7:59 p.m.•84 views

CVE-2016-5141

Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.

7.5CVSS7.8AI score0.01037EPSS

CVE•added 2016/08/07 7:59 p.m.•76 views

CVE-2016-5143

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulne...

9.8CVSS8.8AI score0.0127EPSS

CVE•added 2016/08/07 7:59 p.m.•69 views

CVE-2016-5142

The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, re...

9.8CVSS9.4AI score0.01914EPSS

CVE•added 2016/08/07 7:59 p.m.•69 views

CVE-2016-5144

9.8CVSS8.8AI score0.0127EPSS

CVE•added 2016/08/07 7:59 p.m.•68 views

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

8.8CVSS8.7AI score0.01445EPSS

CVE•added 2016/08/07 7:59 p.m.•67 views

CVE-2016-5140

Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.

9.8CVSS9.7AI score0.02379EPSS

CVE•added 2016/08/07 7:59 p.m.•62 views

CVE-2016-5146

Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

9.8CVSS9.4AI score0.00564EPSS

CVE•added 2016/08/01 2:59 a.m.•33 views

CVE-2016-5138

Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.

8.8CVSS8.4AI score0.01073EPSS