Vulnerabilities > Google > Chrome > 9.0.570.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-19 | CVE-2016-5198 | Out-of-bounds Write vulnerability in multiple products V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. | 8.8 |
2016-12-18 | CVE-2016-5193 | Improper Input Validation vulnerability in Google Chrome Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | 4.3 |
2016-12-18 | CVE-2016-5192 | Improper Access Control vulnerability in Google Chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | 6.5 |
2016-12-18 | CVE-2016-5191 | Cross-site Scripting vulnerability in Google Chrome Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:[email protected] URL. | 6.1 |
2016-12-18 | CVE-2016-5190 | Use After Free vulnerability in Google Chrome Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | 6.3 |
2016-12-18 | CVE-2016-5189 | Improper Access Control vulnerability in Google Chrome Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 6.5 |
2016-12-18 | CVE-2016-5188 | Improper Input Validation vulnerability in Google Chrome Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | 4.3 |
2016-12-18 | CVE-2016-5187 | Improper Input Validation vulnerability in Google Chrome Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 6.5 |
2016-12-18 | CVE-2016-5186 | Out-of-bounds Read vulnerability in Google Chrome Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. | 5.3 |
2016-12-18 | CVE-2016-5185 | Use After Free vulnerability in Google Chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | 8.8 |