Vulnerabilities > Google > Chrome > 10.0.648.134

DATE CVE VULNERABILITY TITLE RISK
2016-03-06 CVE-2016-1642 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1641 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.
network
low complexity
google
8.8
2016-03-06 CVE-2016-1640 Code vulnerability in Google Chrome
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.
network
low complexity
google CWE-17
4.3
2016-03-06 CVE-2016-1639 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1638 Improper Access Control vulnerability in Google Chrome
extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.
network
low complexity
google CWE-284
6.3
2016-03-06 CVE-2016-1637 Information Exposure vulnerability in Google Chrome
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.
network
low complexity
google CWE-200
6.5
2016-03-06 CVE-2016-1636 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
network
low complexity
google CWE-264
critical
9.8
2016-03-06 CVE-2016-1635 Unspecified vulnerability in Google Chrome
extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1634 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action.
network
low complexity
google
8.8
2016-03-06 CVE-2016-1633 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google
critical
9.8