Vulnerabilities > Google > Chrome > 6.0.476.0

DATE CVE VULNERABILITY TITLE RISK
2016-09-11 CVE-2016-5151 Use After Free vulnerability in multiple products
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
network
low complexity
opensuse google CWE-416
8.8
2016-09-11 CVE-2016-5150 Use After Free vulnerability in multiple products
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
network
low complexity
opensuse google CWE-416
8.8
2016-09-11 CVE-2016-5149 Code Injection vulnerability in multiple products
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
network
low complexity
google opensuse CWE-94
8.8
2016-09-11 CVE-2016-5148 Cross-site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
network
low complexity
google CWE-79
6.1
2016-09-11 CVE-2016-5147 Cross-site Scripting vulnerability in Google Chrome
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
google CWE-79
6.1
2016-08-07 CVE-2016-5146 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-08-07 CVE-2016-5145 7PK - Security Features vulnerability in Google Chrome
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
network
low complexity
google CWE-254
8.8
2016-08-07 CVE-2016-5144 Improper Access Control vulnerability in Google Chrome
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
network
low complexity
google CWE-284
critical
9.8
2016-08-07 CVE-2016-5143 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
network
low complexity
google CWE-264
critical
9.8
2016-08-07 CVE-2016-5142 Use After Free vulnerability in Google Chrome
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
network
low complexity
google CWE-416
critical
9.8