Vulnerabilities > Google > Chrome > 4.1.249.1017

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2017-15390 Improper Input Validation vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google debian CWE-20
6.5
2018-02-07 CVE-2017-15389 Improper Input Validation vulnerability in multiple products
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian CWE-20
6.5
2018-02-07 CVE-2017-15388 Out-of-bounds Read vulnerability in multiple products
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-125
8.8
2018-02-07 CVE-2017-15387 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
network
low complexity
google debian
8.8
2018-02-07 CVE-2017-15386 Improper Input Validation vulnerability in multiple products
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian CWE-20
6.5
2018-01-09 CVE-2015-1290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
network
low complexity
google qt opensuse CWE-119
8.8
2018-01-03 CVE-2017-1000460 NULL Pointer Dereference vulnerability in multiple products
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
4.3
2017-10-27 CVE-2017-5122 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.
network
low complexity
google debian CWE-119
8.8
2017-10-27 CVE-2017-5121 Improper Input Validation vulnerability in multiple products
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
network
low complexity
google debian redhat CWE-20
8.8
2017-10-27 CVE-2017-5120 Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page.
network
low complexity
google debian redhat
6.5