Filtered by vendor Google
Subscribe
Total
12830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15422 | 5 Canonical, Debian, Google and 2 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-15423 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. | |||||
| CVE-2017-15400 | 1 Google | 1 Chrome Os | 2023-11-07 | 9.3 HIGH | 7.8 HIGH |
| Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. | |||||
| CVE-2017-15387 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | |||||
| CVE-2017-15388 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-15419 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | |||||
| CVE-2017-15403 | 1 Google | 2 Chrome, Chrome Os | 2023-11-07 | 4.4 MEDIUM | 7.3 HIGH |
| Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2017-15394 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. | |||||
| CVE-2017-0663 | 1 Google | 1 Android | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. | |||||
| CVE-2016-9650 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. | |||||
| CVE-2017-0553 | 1 Google | 1 Android | 2023-11-07 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library. | |||||
| CVE-2016-9652 | 1 Google | 1 Chrome | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. | |||||
| CVE-2016-9651 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2016-7549 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. | |||||
| CVE-2016-7395 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data. | |||||
| CVE-2016-5192 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | |||||
| CVE-2016-5187 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |||||
| CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-5155 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2016-5157 | 3 Fedoraproject, Google, Opensuse | 3 Fedora, Chrome, Leap | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. | |||||