National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:31.0.1650.2
There are 1,274 matching records.
Displaying matches 901 through 920.
Vuln ID Summary CVSS Severity
CVE-2016-1652

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

Published: April 18, 2016; 06:59:01 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-1651

fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.

Published: April 18, 2016; 06:59:00 AM -04:00
V3.0: 8.1 HIGH
    V2: 5.8 MEDIUM
CVE-2016-3679

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: March 29, 2016; 06:59:05 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.

Published: March 29, 2016; 06:59:04 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1649

The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.

Published: March 29, 2016; 06:59:03 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1648

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

Published: March 29, 2016; 06:59:02 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1647

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: March 29, 2016; 06:59:01 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

Published: March 29, 2016; 06:59:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1645

Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.

Published: March 13, 2016; 06:59:05 PM -04:00
V3.1: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1644

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.

Published: March 13, 2016; 06:59:03 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1643

The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

Published: March 13, 2016; 06:59:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2845

The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.

Published: March 05, 2016; 09:59:15 PM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-2844

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.

Published: March 05, 2016; 09:59:14 PM -05:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2843

Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: March 05, 2016; 09:59:13 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-1642

Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: March 05, 2016; 09:59:12 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-1641

Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.

Published: March 05, 2016; 09:59:11 PM -05:00
V3.0: 8.8 HIGH
    V2: 9.3 HIGH
CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.

Published: March 05, 2016; 09:59:11 PM -05:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-1639

Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.

Published: March 05, 2016; 09:59:10 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-1638

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.

Published: March 05, 2016; 09:59:09 PM -05:00
V3.0: 6.3 MEDIUM
    V2: 6.8 MEDIUM
CVE-2016-1637

The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.

Published: March 05, 2016; 09:59:08 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM