Vulnerabilities > Google > Chrome > 16.0.906.0

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2017-5126 Use After Free vulnerability in multiple products
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian CWE-416
8.8
2018-02-07 CVE-2017-5125 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-119
8.8
2018-02-07 CVE-2017-5124 Cross-site Scripting vulnerability in multiple products
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
network
low complexity
google debian CWE-79
6.1
2018-02-07 CVE-2017-15395 Use After Free vulnerability in multiple products
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
network
low complexity
google debian CWE-416
6.5
2018-02-07 CVE-2017-15394 Improper Input Validation vulnerability in multiple products
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
network
low complexity
google debian CWE-20
6.5
2018-02-07 CVE-2017-15393 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
network
low complexity
google debian CWE-668
8.8
2018-02-07 CVE-2017-15392 Improper Input Validation vulnerability in multiple products
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
network
low complexity
google debian CWE-20
4.3
2018-02-07 CVE-2017-15391 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
network
low complexity
google debian
6.5
2018-02-07 CVE-2017-15390 Improper Input Validation vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google debian CWE-20
6.5
2018-02-07 CVE-2017-15389 Improper Input Validation vulnerability in multiple products
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian CWE-20
6.5