Vulnerabilities > Google > Chrome > 11.0.696.38

DATE CVE VULNERABILITY TITLE RISK
2016-09-11 CVE-2016-5153 Data Processing Errors vulnerability in multiple products
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
network
low complexity
opensuse google CWE-19
8.8
2016-09-11 CVE-2016-5152 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
network
low complexity
google opensuse CWE-190
8.8
2016-09-11 CVE-2016-5151 Use After Free vulnerability in multiple products
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
network
low complexity
opensuse google CWE-416
8.8
2016-09-11 CVE-2016-5150 Use After Free vulnerability in multiple products
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
network
low complexity
opensuse google CWE-416
8.8
2016-09-11 CVE-2016-5149 Code Injection vulnerability in multiple products
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
network
low complexity
google opensuse CWE-94
8.8
2016-09-11 CVE-2016-5148 Cross-site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
network
low complexity
google CWE-79
6.1
2016-09-11 CVE-2016-5147 Cross-site Scripting vulnerability in Google Chrome
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
google CWE-79
6.1
2016-08-07 CVE-2016-5146 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-08-07 CVE-2016-5145 7PK - Security Features vulnerability in Google Chrome
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
network
low complexity
google CWE-254
8.8
2016-08-07 CVE-2016-5144 Improper Access Control vulnerability in Google Chrome
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
network
low complexity
google CWE-284
critical
9.8