Vulnerabilities > Google > Chrome > 12.0.737.0

DATE CVE VULNERABILITY TITLE RISK
2016-12-18 CVE-2016-5193 Improper Input Validation vulnerability in Google Chrome
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
network
low complexity
google CWE-20
4.3
2016-12-18 CVE-2016-5192 Improper Access Control vulnerability in Google Chrome
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
network
low complexity
google CWE-284
6.5
2016-12-18 CVE-2016-5191 Cross-site Scripting vulnerability in Google Chrome
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:[email protected] URL.
network
low complexity
google CWE-79
6.1
2016-12-18 CVE-2016-5190 Use After Free vulnerability in Google Chrome
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
network
low complexity
google CWE-416
6.3
2016-12-18 CVE-2016-5189 Improper Access Control vulnerability in Google Chrome
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
network
low complexity
google CWE-284
6.5
2016-12-18 CVE-2016-5188 Improper Input Validation vulnerability in Google Chrome
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
network
low complexity
google CWE-20
4.3
2016-12-18 CVE-2016-5187 Improper Input Validation vulnerability in Google Chrome
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
network
low complexity
google CWE-20
6.5
2016-12-18 CVE-2016-5186 Out-of-bounds Read vulnerability in Google Chrome
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
local
low complexity
google CWE-125
5.3
2016-12-18 CVE-2016-5185 Use After Free vulnerability in Google Chrome
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
network
low complexity
google CWE-416
8.8
2016-12-18 CVE-2016-5184 Use After Free vulnerability in Google Chrome
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.
network
low complexity
google CWE-416
8.8