Vulnerabilities > Google > Chrome > 25.0.1364.93

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-5174 Improper Input Validation vulnerability in Google Chrome
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
network
low complexity
google CWE-20
6.5
2016-09-25 CVE-2016-5173 Improper Access Control vulnerability in Google Chrome
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
network
low complexity
google CWE-284
7.1
2016-09-25 CVE-2016-5172 Information Exposure vulnerability in multiple products
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
network
low complexity
google nodejs debian CWE-200
6.5
2016-09-25 CVE-2016-5171 Use After Free vulnerability in Google Chrome
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-416
8.8
2016-09-25 CVE-2016-5170 Use After Free vulnerability in Google Chrome
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
network
low complexity
google CWE-416
8.8
2016-09-11 CVE-2016-7395 Data Processing Errors vulnerability in Google Chrome
SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data.
network
low complexity
google CWE-19
8.8
2016-09-11 CVE-2016-5167 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
opensuse google
8.8
2016-09-11 CVE-2016-5166 Information Exposure vulnerability in multiple products
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
network
high complexity
google opensuse CWE-200
3.1
2016-09-11 CVE-2016-5165 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
network
low complexity
google opensuse CWE-79
6.1
2016-09-11 CVE-2016-5164 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
google opensuse CWE-79
6.1