VIR Vulnerability Intelligence Relay

Search

Found 2,027 results in 538ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-1694 medium 5.3 5.3 suse susedebian debian rhel google 10y ago browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid …
CVE-2016-1693 medium 5.3 5.3 suse susedebian debian rhel google 10y ago browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to…
CVE-2016-1692 medium 5.3 5.3 suse susedebian debianubuntu ubuntu google 10y ago WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet downl…
CVE-2016-1691 high 7.5 7.5 suse susedebian debianubuntu ubuntu google 10y ago Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified o…
CVE-2016-1690 high 7.5 7.5 suse susedebian debian rhel google 10y ago The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to …
CVE-2016-1689 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified o…
CVE-2016-1688 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to caus…
CVE-2016-1687 medium 6.5 6.5 suse susedebian debian rhel google 10y ago The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors relat…
CVE-2016-1686 medium 6.5 6.5 suse susedebian debian rhel google 10y ago The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, wh…
CVE-2016-1685 medium 6.5 6.5 suse susedebian debian rhel google 10y ago core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read…
CVE-2016-1684 high 7.5 7.5 FIX debian debian googlexmlsoft 10y ago numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (intege…
CVE-2016-1683 high 7.5 7.5 FIX debian debiansuse suseubuntu ubuntu xmlsoftgoogle 10y ago numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory acc…
CVE-2016-1682 medium 6.1 6.1 suse susedebian debianubuntu ubuntu google 10y ago The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote…
CVE-2016-1681 high 8.8 8.8 suse susedebian debian rhel google 10y ago Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service …
CVE-2016-1680 high 8.8 8.8 suse susedebian debianubuntu ubuntu google 10y ago Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or p…
CVE-2016-1679 high 8.8 8.8 suse susedebian debianubuntu ubuntu google 10y ago The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote a…
CVE-2016-1678 high 8.8 8.8 suse susedebian debianubuntu ubuntu google 10y ago objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (hea…
CVE-2016-1677 medium 6.5 6.5 suse susedebian debianubuntu ubuntu google 10y ago uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeU…
CVE-2016-1676 high 8.8 8.8 suse susedebian debian rhel google 10y ago extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Polic…
CVE-2016-1675 high 8.8 8.8 suse susedebian debianubuntu ubuntu google 10y ago Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to Fra…
CVE-2016-1674 high 8.8 8.8 suse susedebian debian rhel google 10y ago The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2016-1673 high 8.8 8.8 suse susedebian debianubuntu ubuntu google 10y ago Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2016-1672 high 8.8 8.8 suse susedebian debian rhel google 10y ago The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attacker…
CVE-2016-1671 high 8.1 8.1 sles google 10y ago Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/esc…
CVE-2016-1670 medium 5.3 5.3 slesdebian debiansuse suse google 10y ago Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to mak…
CVE-2016-1669 high 8.8 8.8 FIX slesubuntu ubuntudebian debian googlenodejs 10y ago The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows rem…
CVE-2016-1668 high 8.8 8.8 slesdebian debiansuse suse google 10y ago The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows…
CVE-2016-1667 high 8.8 8.8 slesdebian debiansuse suse google 10y ago The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution duri…
CVE-2016-1665 medium 6.5 6.5 slessuse suse google 10y ago The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sen…
CVE-2016-1664 medium 4.3 4.3 slessuse suse google 10y ago The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and othe…
CVE-2016-1663 high 8.8 8.8 slessuse suse google 10y ago The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishand…
CVE-2016-1661 high 8.0 8.0 slessuse suse google 10y ago Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers…
CVE-2016-1660 high 8.8 8.8 slessuse suse google 10y ago Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service …
CVE-2016-1658 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and o…
CVE-2016-1657 medium 4.3 4.3 debian debiansuse suse novellgoogle 10y ago The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which…
CVE-2016-1656 high 7.5 7.5 suse suse google 10y ago The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
CVE-2016-1655 high 8.8 8.8 debian debianubuntu ubuntususe suse google 10y ago Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or pos…
CVE-2016-1654 medium 6.5 6.5 debian debianubuntu ubuntususe suse google 10y ago The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unk…
CVE-2016-1653 high 8.8 8.8 debian debianubuntu ubuntususe suse google 10y ago The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecifie…
CVE-2016-1652 medium 6.1 6.1 debian debiansuse suse google 10y ago Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allow…
CVE-2016-1651 high 8.1 8.1 debian debiansuse suse google 10y ago fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers …
CVE-2016-3679 high 8.8 8.8 suse suseubuntu ubuntu google 10y ago Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unkn…
CVE-2016-1650 high 8.8 8.8 suse susedebian debian google 10y ago The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of servi…
CVE-2016-1649 high 8.8 8.8 suse suseubuntu ubuntudebian debian google 10y ago The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attacker…
CVE-2016-1648 high 8.8 8.8 suse susedebian debian google 10y ago Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to…
CVE-2016-1647 high 8.8 8.8 suse suseubuntu ubuntudebian debian google 10y ago Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.26…
CVE-2016-1645 high 8.8 8.8 debian debiansuse suse google 10y ago Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of …
CVE-2016-1644 high 8.8 8.8 google 10y ago WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of s…
CVE-2016-1643 high 8.8 8.8 google 10y ago The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent…
CVE-2016-2845 medium 5.3 5.3 google 10y ago The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remo…
CVE-2016-2844 high 8.8 8.8 google 10y ago WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to…
CVE-2016-1641 high 8.8 8.8 google 10y ago Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecifie…
CVE-2016-1640 medium 4.3 4.3 google 10y ago The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for …
CVE-2016-1638 medium 6.3 6.3 google 10y ago extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass inte…
CVE-2016-1637 medium 6.5 6.5 google 10y ago The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain se…
CVE-2016-1634 high 8.8 8.8 google 10y ago Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows rem…
CVE-2016-1632 high 8.8 8.8 google 10y ago The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript co…
CVE-2016-1631 high 8.8 8.8 google 10y ago The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loop…
CVE-2016-1630 high 8.8 8.8 google 10y ago The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for …
CVE-2016-2536 high 8.8 8.8 sapgoogle 10y ago Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be…
CVE-2016-1628 medium 6.3 6.3 FIX debian debian google 10y ago pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of se…
CVE-2016-1627 high 8.8 8.8 debian debiansuse suse google 10y ago The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend…
CVE-2016-1626 medium 4.3 4.3 FIX debian debiansuse suse google 10y ago The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a…
CVE-2016-1625 medium 4.3 4.3 debian debiansuse suse google 10y ago The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers …
CVE-2016-1624 high 8.8 8.8 FIX slesdebian debiansuse suse google 10y ago Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overfl…
CVE-2016-1623 high 8.8 8.8 debian debiansuse suse google 10y ago The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers t…
CVE-2016-1622 high 8.8 8.8 debian debiansuse suse google 10y ago The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypas…
CVE-2016-2052 high 7.6 7.6 FIX debian debian harfbuzz_projectgoogle 11y ago Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted dat…
CVE-2016-1620 high 8.8 8.8 google 11y ago Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1619 high 7.6 7.6 google 11y ago Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attac…
CVE-2016-1618 medium 6.5 6.5 google 11y ago Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat …
CVE-2016-1617 medium 4.3 4.3 google 11y ago The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does no…
CVE-2016-1616 medium 4.3 4.3 google 11y ago The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocuse…
CVE-2016-1615 medium 6.5 6.5 google 11y ago The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
CVE-2016-1614 medium 4.3 4.3 google 11y ago The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization …
CVE-2016-1613 high 7.6 7.6 google 11y ago Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have …
CVE-2016-1612 high 7.6 7.6 google 11y ago The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, w…
CVE-2015-8664 high 8.8 9.8 EXP google 11y ago Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly h…
CVE-2015-6790 medium 4.3 google 11y ago The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, whi…
CVE-2015-8479 high 7.5 google 11y ago Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of ser…
CVE-2015-8478 high 7.5 google 11y ago Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknow…
CVE-2015-6786 medium 4.3 google 11y ago The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, …
CVE-2015-6785 medium 4.3 google 11y ago The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a…
CVE-2015-6784 medium 4.3 google 11y ago The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafte…
CVE-2015-6783 medium 4.3 google 11y ago The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an…
CVE-2015-6782 medium 4.3 google 11y ago The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, wh…
CVE-2015-6781 high 7.5 google 11y ago Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly …
CVE-2015-6780 medium 6.8 google 11y ago Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c…
CVE-2015-6779 medium 4.3 google 11y ago PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, …
CVE-2015-6778 high 7.5 google 11y ago The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory a…
CVE-2015-6777 high 7.5 google 11y ago Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allow…
CVE-2015-6776 medium 6.8 google 11y ago The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possi…
CVE-2015-6775 high 7.5 google 11y ago fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified…
CVE-2015-6774 high 7.5 google 11y ago Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to …
CVE-2015-6773 high 7.5 google 11y ago The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bound…
CVE-2015-6772 high 7.5 google 11y ago The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass …
CVE-2015-6771 high 7.5 google 11y ago js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service …
CVE-2015-6770 high 7.5 google 11y ago The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.
CVE-2015-6769 high 7.5 google 11y ago The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveragin…
CVE-2015-6768 high 7.5 google 11y ago The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.