Vulnerabilities > Google > Chrome > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-08-07 CVE-2016-5143 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
network
low complexity
google CWE-264
critical
9.8
2016-08-07 CVE-2016-5142 Use After Free vulnerability in Google Chrome
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
network
low complexity
google CWE-416
critical
9.8
2016-08-07 CVE-2016-5140 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.
network
low complexity
google CWE-119
critical
9.8
2016-07-23 CVE-2016-1706 Improper Input Validation vulnerability in Google Chrome
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
network
low complexity
google CWE-20
critical
9.6
2016-05-14 CVE-2016-1666 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
redhat opensuse google
critical
9.8
2016-05-14 CVE-2016-1662 extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
network
low complexity
google redhat opensuse
critical
9.8
2016-04-18 CVE-2016-1659 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
debian suse opensuse canonical google
critical
9.8
2016-03-06 CVE-2016-2843 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1642 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1639 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.
network
low complexity
google
critical
9.8