Vulnerabilities > Google > Chrome > High

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-5170 Use After Free vulnerability in Google Chrome
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
network
low complexity
google CWE-416
8.8
2016-09-11 CVE-2016-7395 Data Processing Errors vulnerability in Google Chrome
SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data.
network
low complexity
google CWE-19
8.8
2016-09-11 CVE-2016-5167 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
opensuse google
8.8
2016-09-11 CVE-2016-5161 Incorrect Type Conversion or Cast vulnerability in multiple products
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
network
low complexity
google opensuse CWE-704
8.8
2016-09-11 CVE-2016-5159 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
network
low complexity
opensuse google CWE-190
8.8
2016-09-11 CVE-2016-5158 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
network
low complexity
opensuse google CWE-190
8.8
2016-09-11 CVE-2016-5157 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
network
low complexity
opensuse google fedoraproject CWE-119
8.8
2016-09-11 CVE-2016-5156 Use After Free vulnerability in multiple products
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
network
low complexity
opensuse google CWE-416
8.8
2016-09-11 CVE-2016-5154 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
network
low complexity
google opensuse CWE-119
8.8
2016-09-11 CVE-2016-5153 Data Processing Errors vulnerability in multiple products
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
network
low complexity
opensuse google CWE-19
8.8