Vulnerabilities > Google > Chrome > 4.1.249.1047

DATE CVE VULNERABILITY TITLE RISK
2016-12-18 CVE-2016-5181 Cross-site Scripting vulnerability in Google Chrome
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.
network
low complexity
google CWE-79
6.1
2016-10-14 CVE-2005-4900 Inadequate Encryption Strength vulnerability in Google Chrome
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2.
network
high complexity
google CWE-326
5.9
2016-09-29 CVE-2016-5176 Improper Access Control vulnerability in Google Chrome
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
network
low complexity
google CWE-284
6.5
2016-09-25 CVE-2016-7549 Unspecified vulnerability in Google Chrome
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.
network
low complexity
google
8.8
2016-09-25 CVE-2016-5175 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
8.8
2016-09-25 CVE-2016-5174 Improper Input Validation vulnerability in Google Chrome
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
network
low complexity
google CWE-20
6.5
2016-09-25 CVE-2016-5173 Improper Access Control vulnerability in Google Chrome
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
network
low complexity
google CWE-284
7.1
2016-09-25 CVE-2016-5172 Information Exposure vulnerability in multiple products
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
network
low complexity
google nodejs debian CWE-200
6.5
2016-09-25 CVE-2016-5171 Use After Free vulnerability in Google Chrome
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-416
8.8
2016-09-25 CVE-2016-5170 Use After Free vulnerability in Google Chrome
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
network
low complexity
google CWE-416
8.8