Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5159 | 3 Google, Opensuse, Redhat | 4 Chrome, Leap, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. | ||||
| CVE-2016-5176 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | ||||
| CVE-2016-5140 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| CVE-2016-5138 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication. | ||||
| CVE-2016-5141 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. | ||||
| CVE-2016-5134 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. | ||||
| CVE-2016-5133 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | ||||
| CVE-2016-5136 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. | ||||
| CVE-2016-5142 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. | ||||
| CVE-2016-5130 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | ||||
| CVE-2016-5129 | 2 Google, Redhat | 3 Chrome, V8, Rhel Extras | 2025-04-12 | N/A |
| Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| CVE-2015-1253 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. | ||||
| CVE-2015-1255 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. | ||||
| CVE-2015-1256 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. | ||||
| CVE-2016-5143 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | ||||
| CVE-2016-5173 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. | ||||
| CVE-2016-1707 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. | ||||
| CVE-2016-1702 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2025-04-12 | N/A |
| The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. | ||||
| CVE-2016-1694 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority. | ||||
| CVE-2016-1709 | 2 Google, Redhat | 3 Chrome, Sfntly, Rhel Extras | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. | ||||