Vulnerabilities > Google > Chrome > 11.0.652.0

DATE CVE VULNERABILITY TITLE RISK
2016-06-05 CVE-2016-1676 Improper Access Control vulnerability in multiple products
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
network
low complexity
debian redhat suse opensuse google CWE-284
8.8
2016-06-05 CVE-2016-1675 Improper Access Control vulnerability in multiple products
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
network
low complexity
debian canonical redhat suse opensuse google CWE-284
8.8
2016-06-05 CVE-2016-1674 The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
network
low complexity
debian redhat suse opensuse google
8.8
2016-06-05 CVE-2016-1673 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
network
low complexity
google debian canonical redhat suse opensuse
8.8
2016-06-05 CVE-2016-1672 Improper Access Control vulnerability in multiple products
The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.
network
low complexity
google debian redhat suse opensuse CWE-284
8.8
2016-05-14 CVE-2016-1671 Path Traversal vulnerability in Google Chrome
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.
network
low complexity
google CWE-22
8.1
2016-05-14 CVE-2016-1670 Race Condition vulnerability in multiple products
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
network
high complexity
google opensuse debian CWE-362
5.3
2016-05-14 CVE-2016-1669 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
debian google opensuse nodejs canonical CWE-119
8.8
2016-05-14 CVE-2016-1668 Improper Access Control vulnerability in multiple products
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google opensuse debian CWE-284
8.8
2016-05-14 CVE-2016-1667 Improper Access Control vulnerability in multiple products
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
opensuse debian google CWE-284
8.8