Vulnerabilities > Google > Chrome

DATE CVE VULNERABILITY TITLE RISK
2016-07-23 CVE-2016-5135 Improper Input Validation vulnerability in Google Chrome
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
network
low complexity
google CWE-20
6.5
2016-07-23 CVE-2016-5134 Information Exposure vulnerability in Google Chrome
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
network
low complexity
google CWE-200
8.8
2016-07-23 CVE-2016-5133 Improper Authentication vulnerability in Google Chrome
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
network
high complexity
google CWE-287
5.3
2016-07-23 CVE-2016-5132 7PK - Security Features vulnerability in Google Chrome
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
network
low complexity
google CWE-254
8.8
2016-07-23 CVE-2016-5131 Use After Free vulnerability in multiple products
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8
2016-07-23 CVE-2016-5130 Improper Access Control vulnerability in Google Chrome
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
network
low complexity
google CWE-284
6.5
2016-07-23 CVE-2016-5129 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome and V8
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-119
8.8
2016-07-23 CVE-2016-5128 7PK - Security Features vulnerability in Google Chrome
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google CWE-254
8.8
2016-07-23 CVE-2016-5127 Use After Free vulnerability in Google Chrome
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.
network
high complexity
google CWE-416
7.5
2016-07-23 CVE-2016-1711 Improper Authorization vulnerability in Google Chrome
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google CWE-285
8.8