U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product: cpe:/a:google:chrome
There are 3,337 matching records.
Displaying matches 2,081 through 2,100.
Vuln ID Summary CVSS Severity
CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

Published: April 18, 2016; 6:59:04 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1654

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

Published: April 18, 2016; 6:59:03 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1653

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.

Published: April 18, 2016; 6:59:02 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1652

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

Published: April 18, 2016; 6:59:01 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1651

fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.

Published: April 18, 2016; 6:59:00 AM -0400
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2016-3679

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: March 29, 2016; 6:59:05 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.

Published: March 29, 2016; 6:59:04 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1649

The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.

Published: March 29, 2016; 6:59:03 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1648

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

Published: March 29, 2016; 6:59:02 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1647

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: March 29, 2016; 6:59:01 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

Published: March 29, 2016; 6:59:00 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1645

Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.

Published: March 13, 2016; 6:59:05 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1644

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.

Published: March 13, 2016; 6:59:03 PM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1643

The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

Published: March 13, 2016; 6:59:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2845

The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.

Published: March 05, 2016; 9:59:15 PM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-2844

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.

Published: March 05, 2016; 9:59:14 PM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2843

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: March 05, 2016; 9:59:13 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-1642

Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: March 05, 2016; 9:59:12 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-1641

Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.

Published: March 05, 2016; 9:59:11 PM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.

Published: March 05, 2016; 9:59:11 PM -0500
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM