Vulnerabilities > Google > Chrome

DATE CVE VULNERABILITY TITLE RISK
2016-12-18 CVE-2016-5186 Out-of-bounds Read vulnerability in Google Chrome
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
local
low complexity
google CWE-125
5.3
2016-12-18 CVE-2016-5185 Use After Free vulnerability in Google Chrome
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
network
low complexity
google CWE-416
8.8
2016-12-18 CVE-2016-5184 Use After Free vulnerability in Google Chrome
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.
network
low complexity
google CWE-416
8.8
2016-12-18 CVE-2016-5183 Use After Free vulnerability in Google Chrome
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
network
low complexity
google CWE-416
8.8
2016-12-18 CVE-2016-5182 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
network
low complexity
google CWE-119
8.8
2016-12-18 CVE-2016-5181 Cross-site Scripting vulnerability in Google Chrome
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.
network
low complexity
google CWE-79
6.1
2016-10-14 CVE-2005-4900 Inadequate Encryption Strength vulnerability in Google Chrome
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2.
network
high complexity
google CWE-326
5.9
2016-09-29 CVE-2016-5176 Improper Access Control vulnerability in Google Chrome
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
network
low complexity
google CWE-284
6.5
2016-09-25 CVE-2016-7549 Unspecified vulnerability in Google Chrome
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.
network
low complexity
google
8.8
2016-09-25 CVE-2016-5175 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
8.8