Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-23 | CVE-2016-5127 | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. | 7.5 |
| 2016-07-23 | CVE-2016-1711 | Improper Authorization vulnerability in Google Chrome WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 8.8 |
| 2016-07-23 | CVE-2016-1710 | Improper Authorization vulnerability in Google Chrome The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 8.8 |
| 2016-07-23 | CVE-2016-1709 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome and Sfntly Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. | 8.8 |
| 2016-07-23 | CVE-2016-1708 | Use After Free vulnerability in Google Chrome The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. | 8.8 |
| 2016-07-23 | CVE-2016-1705 | Unspecified vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 8.8 |
| 2016-07-11 | CVE-2016-3811 | Permissions, Privileges, and Access Controls vulnerability in Google Android The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556. | 7.8 |
| 2016-07-11 | CVE-2016-3808 | Permissions, Privileges, and Access Controls vulnerability in Google Android The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009. | 7.8 |
| 2016-07-11 | CVE-2016-3807 | Permissions, Privileges, and Access Controls vulnerability in Google Android The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196. | 7.8 |
| 2016-07-11 | CVE-2016-3806 | Permissions, Privileges, and Access Controls vulnerability in Google Android The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341. | 7.8 |