U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:google:chrome:2.0.172
There are 3,267 matching records.
Displaying matches 2,141 through 2,160.
Vuln ID Summary CVSS Severity
CVE-2015-6774

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that modifies a pointer used for reporting loadTimes data.

Published: December 05, 2015; 8:59:11 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6773

The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data.

Published: December 05, 2015; 8:59:10 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6772

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

Published: December 05, 2015; 8:59:09 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6771

js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.

Published: December 05, 2015; 8:59:08 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6770

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.

Published: December 05, 2015; 8:59:07 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6769

The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.

Published: December 05, 2015; 8:59:06 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6768

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.

Published: December 05, 2015; 8:59:05 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6767

Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer maintenance associated with certain callbacks.

Published: December 05, 2015; 8:59:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6766

Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection.

Published: December 05, 2015; 8:59:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6765

Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.

Published: December 05, 2015; 8:59:01 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-6764

The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.

Published: December 05, 2015; 8:59:00 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.

Published: November 11, 2015; 6:59:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-7834

Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: October 15, 2015; 6:59:12 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6763

Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: October 15, 2015; 6:59:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect.

Published: October 15, 2015; 6:59:08 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.

Published: October 15, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-6760

The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.

Published: October 15, 2015; 6:59:05 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6759

The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.

Published: October 15, 2015; 6:59:04 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-6758

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

Published: October 15, 2015; 6:59:04 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-6757

Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback.

Published: October 15, 2015; 6:59:03 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH