Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5162 | 4.3 |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resource
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5161 | 6.8 |
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attack
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5151 | 6.8 |
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PD
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5164 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary we
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5152 | 6.8 |
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (he
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5150 | 6.8 |
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly r
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5156 | 6.8 |
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attac
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5157 | 6.8 |
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via c
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5160 | 4.3 |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resource
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5154 | 6.8 |
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a cra
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5163 | 4.3 |
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5158 | 6.8 |
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5166 | 2.6 |
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5153 | 6.8 |
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5167 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5159 | 6.8 |
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have uns
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5155 | 4.3 |
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5165 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5149 | 6.8 |
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injecti
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5148 | 4.3 |
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates
|
13-08-2017 - 01:29 | 11-09-2016 - 10:59 | |
CVE-2016-5147 | 4.3 |
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS
|
13-08-2017 - 01:29 | 11-09-2016 - 10:59 | |
CVE-2016-7395 | 6.8 |
SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (unin
|
07-01-2017 - 03:00 | 11-09-2016 - 10:59 |