Max CVSS 10.0 Min CVSS 2.6 Total Count26
IDCVSSSummaryLast (major) updatePublished
CVE-2016-1666 7.5
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
26-04-2017 - 21:59 14-05-2016 - 17:59
CVE-2016-1665 4.3
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
26-04-2017 - 21:59 14-05-2016 - 17:59
CVE-2016-1664 4.3
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attacker
26-04-2017 - 21:59 14-05-2016 - 17:59
CVE-2016-1663 6.8
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which all
26-04-2017 - 21:59 14-05-2016 - 17:59
CVE-2016-1662 10.0
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have
26-04-2017 - 21:59 14-05-2016 - 17:59
CVE-2016-1661 8.3
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) o
26-04-2017 - 21:59 14-05-2016 - 17:59
CVE-2016-1660 6.8
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified
26-04-2017 - 21:59 14-05-2016 - 17:59
CVE-2016-1669 9.3
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer
02-12-2016 - 22:22 14-05-2016 - 17:59
CVE-2016-1659 10.0
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1658 4.3
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1657 4.3
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar v
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1656 5.0
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1655 6.8
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted e
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1654 4.3
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1653 9.3
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that tri
02-12-2016 - 22:21 18-04-2016 - 06:59
CVE-2016-1652 4.3
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script o
02-12-2016 - 22:21 18-04-2016 - 06:59
CVE-2016-1651 5.8
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory
02-12-2016 - 22:21 18-04-2016 - 06:59
CVE-2016-1650 9.3
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by tri
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1649 9.3
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1648 9.3
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspeci
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1647 9.3
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1646 9.3
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or po
02-12-2016 - 22:21 29-03-2016 - 06:59
CVE-2016-1671 6.8
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.
30-11-2016 - 22:06 14-05-2016 - 17:59
CVE-2016-1670 2.6
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a
30-11-2016 - 22:06 14-05-2016 - 17:59
CVE-2016-1668 6.8
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy
30-11-2016 - 22:06 14-05-2016 - 17:59
CVE-2016-1667 6.8
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote at
30-11-2016 - 22:06 14-05-2016 - 17:59
Back to Top Mark selected
Back to Top