Vulnerabilities > Google > Chrome > 48.0.2564.103
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-11 | CVE-2016-5148 | Cross-site Scripting vulnerability in Google Chrome Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." | 6.1 |
| 2016-09-11 | CVE-2016-5147 | Cross-site Scripting vulnerability in Google Chrome Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | 6.1 |
| 2016-08-07 | CVE-2016-5146 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
| 2016-08-07 | CVE-2016-5145 | 7PK - Security Features vulnerability in Google Chrome Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | 8.8 |
| 2016-08-07 | CVE-2016-5144 | Improper Access Control vulnerability in Google Chrome The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. | 9.8 |
| 2016-08-07 | CVE-2016-5143 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | 9.8 |
| 2016-08-07 | CVE-2016-5142 | Use After Free vulnerability in Google Chrome The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. | 9.8 |
| 2016-08-07 | CVE-2016-5141 | Improper Input Validation vulnerability in Google Chrome Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. | 7.5 |
| 2016-08-07 | CVE-2016-5140 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. | 9.8 |
| 2016-08-01 | CVE-2016-5138 | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication. | 8.8 |