Vulnerabilities > Google > Chrome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-06 | CVE-2016-1640 | Code vulnerability in Google Chrome The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site. | 4.3 |
| 2016-03-06 | CVE-2016-1638 | Improper Access Control vulnerability in Google Chrome extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app. | 6.3 |
| 2016-03-06 | CVE-2016-1637 | Information Exposure vulnerability in Google Chrome The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site. | 6.5 |
| 2016-02-21 | CVE-2016-1628 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions. | 6.3 |
| 2016-02-14 | CVE-2016-1626 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. | 4.3 |
| 2016-02-14 | CVE-2016-1625 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. | 4.3 |
| 2016-01-25 | CVE-2016-1618 | Information Exposure vulnerability in Google Chrome Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | 6.5 |
| 2016-01-25 | CVE-2016-1617 | Information Exposure vulnerability in Google Chrome The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. | 4.3 |
| 2016-01-25 | CVE-2016-1616 | 7PK - Security Features vulnerability in Google Chrome The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. | 4.3 |
| 2016-01-25 | CVE-2016-1615 | 7PK - Security Features vulnerability in Google Chrome The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. | 6.5 |