Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-05-14 CVE-2016-1668 Improper Access Control vulnerability in multiple products
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google opensuse debian CWE-284
8.8
2016-05-14 CVE-2016-1667 Improper Access Control vulnerability in multiple products
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
opensuse debian google CWE-284
8.8
2016-05-14 CVE-2016-1666 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
redhat opensuse google
critical
9.8
2016-05-14 CVE-2016-1665 Improper Input Validation vulnerability in multiple products
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
network
low complexity
opensuse redhat google CWE-20
6.5
2016-05-14 CVE-2016-1664 7PK - Security Features vulnerability in multiple products
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
network
low complexity
google redhat opensuse CWE-254
4.3
2016-05-14 CVE-2016-1663 The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
network
low complexity
opensuse redhat google
8.8
2016-05-14 CVE-2016-1662 extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
network
low complexity
google redhat opensuse
critical
9.8
2016-05-14 CVE-2016-1661 Improper Input Validation vulnerability in multiple products
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
network
low complexity
redhat google opensuse CWE-20
8.0
2016-05-14 CVE-2016-1660 Improper Input Validation vulnerability in multiple products
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
network
low complexity
opensuse redhat google CWE-20
8.8
2016-05-09 CVE-2016-4477 Data Processing Errors vulnerability in Google Android
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
local
low complexity
google CWE-19
7.8