Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5172 | 4.3 |
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
|
29-08-2022 - 20:43 | 25-09-2016 - 20:59 | |
CVE-2016-5131 | 6.8 |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
|
26-03-2019 - 17:14 | 23-07-2016 - 19:59 | |
CVE-2016-5162 | 4.3 |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resource
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5161 | 6.8 |
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attack
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5178 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
30-10-2018 - 16:27 | 23-05-2017 - 04:29 | |
CVE-2016-5151 | 6.8 |
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PD
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5164 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary we
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5152 | 6.8 |
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (he
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5150 | 6.8 |
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly r
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5156 | 6.8 |
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attac
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5157 | 6.8 |
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via c
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5160 | 4.3 |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resource
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5154 | 6.8 |
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a cra
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5177 | 6.8 |
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
|
30-10-2018 - 16:27 | 23-05-2017 - 04:29 | |
CVE-2016-5163 | 4.3 |
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5158 | 6.8 |
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5166 | 2.6 |
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5153 | 6.8 |
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5167 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5159 | 6.8 |
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have uns
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5155 | 4.3 |
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5165 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5149 | 6.8 |
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injecti
|
30-10-2018 - 16:27 | 11-09-2016 - 10:59 | |
CVE-2016-5139 | 6.8 |
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified
|
21-07-2018 - 01:29 | 07-08-2016 - 19:59 | |
CVE-2016-5175 | 6.8 |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
05-01-2018 - 02:30 | 25-09-2016 - 20:59 | |
CVE-2016-5188 | 4.3 |
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5174 | 4.3 |
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) vi
|
05-01-2018 - 02:30 | 25-09-2016 - 20:59 | |
CVE-2016-5181 | 4.3 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (U
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5193 | 4.3 |
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5170 | 6.8 |
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service
|
05-01-2018 - 02:30 | 25-09-2016 - 20:59 | |
CVE-2016-5185 | 6.8 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read v
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5171 | 6.8 |
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecifi
|
05-01-2018 - 02:30 | 25-09-2016 - 20:59 | |
CVE-2016-5182 | 6.8 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5191 | 4.3 |
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML p
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5189 | 4.3 |
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pa
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5173 | 6.8 |
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass
|
05-01-2018 - 02:30 | 25-09-2016 - 20:59 | |
CVE-2016-5184 | 6.8 |
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption v
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5192 | 4.3 |
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5190 | 6.8 |
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5187 | 4.3 |
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5186 | 6.8 |
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5183 | 6.8 |
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
|
05-01-2018 - 02:30 | 18-12-2016 - 03:59 | |
CVE-2016-5129 | 6.8 |
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via cr
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5137 | 4.3 |
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and do
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5127 | 6.8 |
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5136 | 6.8 |
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors re
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5130 | 4.3 |
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5128 | 6.8 |
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5134 | 4.3 |
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5135 | 4.3 |
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5132 | 6.8 |
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5133 | 4.3 |
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server
|
01-09-2017 - 01:29 | 23-07-2016 - 19:59 | |
CVE-2016-5148 | 4.3 |
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates
|
13-08-2017 - 01:29 | 11-09-2016 - 10:59 | |
CVE-2016-5147 | 4.3 |
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS
|
13-08-2017 - 01:29 | 11-09-2016 - 10:59 | |
CVE-2016-5140 | 7.5 |
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafte
|
01-07-2017 - 01:29 | 07-08-2016 - 19:59 | |
CVE-2016-5145 | 6.8 |
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Or
|
01-07-2017 - 01:29 | 07-08-2016 - 19:59 | |
CVE-2016-5142 | 7.5 |
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspeci
|
01-07-2017 - 01:29 | 07-08-2016 - 19:59 | |
CVE-2016-5138 | 6.8 |
Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unr
|
01-07-2017 - 01:29 | 01-08-2016 - 02:59 | |
CVE-2016-5146 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
01-07-2017 - 01:29 | 07-08-2016 - 19:59 | |
CVE-2016-5141 | 5.0 |
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
|
01-07-2017 - 01:29 | 07-08-2016 - 19:59 | |
CVE-2016-5143 | 7.5 |
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access
|
01-07-2017 - 01:29 | 07-08-2016 - 19:59 | |
CVE-2016-5144 | 7.5 |
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access
|
01-07-2017 - 01:29 | 07-08-2016 - 19:59 |