Vulnerabilities > Google > Chrome > 25.0.1364.24

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-5065 Improper Input Validation vulnerability in multiple products
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.
network
low complexity
google redhat CWE-20
4.7
2017-10-27 CVE-2017-5064 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-119
8.8
2017-10-27 CVE-2017-5063 Integer Overflow or Wraparound vulnerability in multiple products
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat CWE-190
8.8
2017-10-27 CVE-2017-5062 Use After Free vulnerability in multiple products
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.
network
low complexity
google redhat CWE-416
8.8
2017-10-27 CVE-2017-5061 Race Condition vulnerability in multiple products
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
high complexity
google redhat CWE-362
5.3
2017-10-27 CVE-2017-5060 Incorrect Authorization vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google redhat CWE-863
6.5
2017-10-27 CVE-2017-5059 Type Confusion vulnerability in multiple products
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.
network
low complexity
google redhat CWE-843
8.8
2017-10-27 CVE-2017-5058 Use After Free vulnerability in Google Chrome
A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google CWE-416
8.8
2017-10-27 CVE-2017-5057 Type Confusion vulnerability in multiple products
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
network
low complexity
google redhat CWE-843
8.8
2017-10-27 CVE-2017-5056 Use After Free vulnerability in multiple products
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat CWE-416
8.8