| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-5131 | 6.8 |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
|
26-03-2019 - 17:14 | 23-07-2016 - 19:59 | |
| CVE-2016-5129 | 6.8 |
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via cr
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5137 | 4.3 |
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and do
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5127 | 6.8 |
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5136 | 6.8 |
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors re
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5130 | 4.3 |
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5128 | 6.8 |
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5134 | 4.3 |
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5135 | 4.3 |
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5132 | 6.8 |
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-5133 | 4.3 |
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-1705 | 6.8 |
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-1708 | 6.8 |
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of servi
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-1707 | 4.3 |
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-1709 | 6.8 |
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other im
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-1710 | 6.8 |
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
| CVE-2016-1711 | 6.8 |
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy v
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 |