Vulnerabilities > Google > Chrome > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-07 | CVE-2016-5143 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | 9.8 |
2016-08-07 | CVE-2016-5142 | Use After Free vulnerability in Google Chrome The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. | 9.8 |
2016-08-07 | CVE-2016-5140 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. | 9.8 |
2016-07-23 | CVE-2016-1706 | Improper Input Validation vulnerability in Google Chrome The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. | 9.6 |
2016-05-14 | CVE-2016-1666 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
2016-05-14 | CVE-2016-1662 | extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | 9.8 |
2016-04-18 | CVE-2016-1659 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
2016-03-06 | CVE-2016-2843 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
2016-03-06 | CVE-2016-1642 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
2016-03-06 | CVE-2016-1639 | Unspecified vulnerability in Google Chrome Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. | 9.8 |