Vulnerabilities > Google > Chrome > 19.0.1071.0

DATE CVE VULNERABILITY TITLE RISK
2016-02-14 CVE-2016-1622 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
network
low complexity
google debian opensuse CWE-264
8.8
2016-01-25 CVE-2016-2052 Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
network
low complexity
harfbuzz-project google
7.6
2016-01-25 CVE-2016-2051 Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google redhat
critical
9.8
2016-01-25 CVE-2016-1620 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
8.8
2016-01-25 CVE-2016-1619 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
network
low complexity
google CWE-119
7.6
2016-01-25 CVE-2016-1618 Information Exposure vulnerability in Google Chrome
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
google CWE-200
6.5
2016-01-25 CVE-2016-1617 Information Exposure vulnerability in Google Chrome
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
network
low complexity
google CWE-200
4.3
2016-01-25 CVE-2016-1616 7PK - Security Features vulnerability in Google Chrome
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
network
low complexity
google CWE-254
4.3
2016-01-25 CVE-2016-1615 7PK - Security Features vulnerability in Google Chrome
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
network
low complexity
google CWE-254
6.5
2016-01-25 CVE-2016-1614 Information Exposure vulnerability in Google Chrome
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
network
low complexity
google CWE-200
4.3