Vulnerabilities > Google > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-03-06 CVE-2016-2843 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1642 Unspecified vulnerability in Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1639 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1636 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
network
low complexity
google CWE-264
critical
9.8
2016-03-06 CVE-2016-1635 Unspecified vulnerability in Google Chrome
extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-06 CVE-2016-1633 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google
critical
9.8
2016-03-03 CVE-2016-0705 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
network
low complexity
oracle openssl google canonical debian
critical
9.8
2016-02-21 CVE-2016-1629 Permissions, Privileges, and Access Controls vulnerability in multiple products
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
network
low complexity
google novell opensuse debian CWE-264
critical
9.8
2016-02-07 CVE-2016-0804 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
network
low complexity
google CWE-119
critical
9.8
2016-02-07 CVE-2016-0803 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
network
low complexity
google CWE-119
critical
9.8