Total
3671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5175 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-5165 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string. | |||||
| CVE-2016-5156 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-5143 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | |||||
| CVE-2016-5211 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2016-5201 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page. | |||||
| CVE-2016-5202 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-11-07 | 7.5 HIGH | 9.1 CRITICAL |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | |||||
| CVE-2016-5206 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | |||||
| CVE-2016-5209 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2016-5220 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. | |||||
| CVE-2016-5158 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | |||||
| CVE-2016-5150 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. | |||||
| CVE-2016-5217 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2016-5185 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | |||||
| CVE-2016-5154 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image. | |||||
| CVE-2016-5214 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. | |||||
| CVE-2016-5197 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. | |||||
| CVE-2016-5199 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | |||||
| CVE-2016-5162 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. | |||||
| CVE-2016-5188 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | |||||