Vulnerabilities > Google > Chrome > 14.0.835.2

DATE CVE VULNERABILITY TITLE RISK
2016-03-29 CVE-2016-1646 Out-of-bounds Read vulnerability in multiple products
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
debian canonical google opensuse suse redhat CWE-125
8.8
2016-03-13 CVE-2016-1645 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
network
low complexity
google debian opensuse CWE-119
8.8
2016-03-13 CVE-2016-1644 Unspecified vulnerability in Google Chrome
WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.
network
low complexity
google
8.8
2016-03-13 CVE-2016-1643 7PK - Time and State vulnerability in Google Chrome
The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
network
low complexity
google CWE-361
8.8
2016-03-06 CVE-2016-2845 Information Exposure vulnerability in Google Chrome
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.
network
low complexity
google CWE-200
5.3
2016-03-06 CVE-2016-2844 Improper Input Validation vulnerability in Google Chrome
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-20
8.8
2016-03-06 CVE-2016-2843 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1642 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1641 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.
network
low complexity
google
8.8
2016-03-06 CVE-2016-1640 Code vulnerability in Google Chrome
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.
network
low complexity
google CWE-17
4.3