Vulnerabilities > Google > Chrome > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-14 CVE-2016-1627 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
network
low complexity
opensuse debian google CWE-264
8.8
2016-02-14 CVE-2016-1624 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.
network
low complexity
opensuse google debian CWE-119
8.8
2016-02-14 CVE-2016-1623 Permissions, Privileges, and Access Controls vulnerability in multiple products
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
network
low complexity
debian google opensuse CWE-264
8.8
2016-02-14 CVE-2016-1622 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
network
low complexity
google debian opensuse CWE-264
8.8
2016-01-25 CVE-2016-2052 Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
network
low complexity
harfbuzz-project google
7.6
2016-01-25 CVE-2016-1620 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
8.8
2016-01-25 CVE-2016-1619 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
network
low complexity
google CWE-119
7.6
2016-01-25 CVE-2016-1613 Unspecified vulnerability in Google Chrome
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
network
low complexity
google
7.6
2016-01-25 CVE-2016-1612 Improper Input Validation vulnerability in Google Chrome
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
network
low complexity
google CWE-20
7.6
2015-12-24 CVE-2015-8664 Numeric Errors vulnerability in Google Chrome
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
network
low complexity
google CWE-189
8.8