Vulnerabilities > Google > Chrome > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-23 | CVE-2016-5178 | Improper Input Validation vulnerability in multiple products Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
| 2017-04-24 | CVE-2014-9654 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. | 9.8 |
| 2017-04-11 | CVE-2013-6647 | Use After Free vulnerability in Google Chrome A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. | 9.8 |
| 2016-08-07 | CVE-2016-5146 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
| 2016-08-07 | CVE-2016-5144 | Improper Access Control vulnerability in Google Chrome The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. | 9.8 |
| 2016-08-07 | CVE-2016-5143 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | 9.8 |
| 2016-08-07 | CVE-2016-5142 | Use After Free vulnerability in Google Chrome The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. | 9.8 |
| 2016-08-07 | CVE-2016-5140 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. | 9.8 |
| 2016-07-23 | CVE-2016-1706 | Improper Input Validation vulnerability in Google Chrome The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. | 9.6 |
| 2016-05-14 | CVE-2016-1666 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |