Vulnerabilities > Google > Chrome > 11.0.652.0

DATE CVE VULNERABILITY TITLE RISK
2016-08-07 CVE-2016-5143 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
network
low complexity
google CWE-264
critical
9.8
2016-08-07 CVE-2016-5142 Use After Free vulnerability in Google Chrome
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
network
low complexity
google CWE-416
critical
9.8
2016-08-07 CVE-2016-5141 Improper Input Validation vulnerability in Google Chrome
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
network
low complexity
google CWE-20
7.5
2016-08-07 CVE-2016-5140 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.
network
low complexity
google CWE-119
critical
9.8
2016-08-01 CVE-2016-5138 Integer Overflow or Wraparound vulnerability in Google Chrome
Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.
network
low complexity
google CWE-190
8.8
2016-07-23 CVE-2016-5137 Information Exposure vulnerability in Google Chrome
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
network
low complexity
google CWE-200
4.3
2016-07-23 CVE-2016-5136 Use After Free vulnerability in Google Chrome
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
network
low complexity
google CWE-416
8.8
2016-07-23 CVE-2016-5135 Improper Input Validation vulnerability in Google Chrome
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
network
low complexity
google CWE-20
6.5
2016-07-23 CVE-2016-5134 Information Exposure vulnerability in Google Chrome
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
network
low complexity
google CWE-200
8.8
2016-07-23 CVE-2016-5133 Improper Authentication vulnerability in Google Chrome
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
network
high complexity
google CWE-287
5.3