Vulnerabilities > Google > Chrome > 32.0.1655.1

DATE CVE VULNERABILITY TITLE RISK
2016-03-13 CVE-2016-1645 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
network
low complexity
google debian opensuse CWE-119
8.8
2016-03-13 CVE-2016-1644 Unspecified vulnerability in Google Chrome
WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.
network
low complexity
google
8.8
2016-03-13 CVE-2016-1643 7PK - Time and State vulnerability in Google Chrome
The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
network
low complexity
google CWE-361
8.8
2016-03-06 CVE-2016-2845 Information Exposure vulnerability in Google Chrome
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.
network
low complexity
google CWE-200
5.3
2016-03-06 CVE-2016-2844 Improper Input Validation vulnerability in Google Chrome
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-20
8.8
2016-03-06 CVE-2016-2843 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1642 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1641 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.
network
low complexity
google
8.8
2016-03-06 CVE-2016-1640 Code vulnerability in Google Chrome
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.
network
low complexity
google CWE-17
4.3
2016-03-06 CVE-2016-1639 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.
network
low complexity
google
critical
9.8