Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5188 | 4.3 |
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5181 | 4.3 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (U
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5193 | 4.3 |
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5185 | 6.8 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read v
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5182 | 6.8 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5191 | 4.3 |
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML p
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5189 | 4.3 |
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pa
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5184 | 6.8 |
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption v
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5192 | 4.3 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5190 | 6.8 |
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5187 | 4.3 |
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5186 | 6.8 |
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5183 | 6.8 |
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 |