U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*
There are 1,624 matching records.
Displaying matches 1,381 through 1,400.
Vuln ID Summary CVSS Severity
CVE-2016-1629

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

Published: February 21, 2016; 1:59:01 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-1628

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

Published: February 21, 2016; 12:59:00 AM -0500
V3.0: 6.3 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2016-1627

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.

Published: February 13, 2016; 9:59:05 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1625

The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.

Published: February 13, 2016; 9:59:03 PM -0500
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1624

Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.

Published: February 13, 2016; 9:59:02 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1623

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.

Published: February 13, 2016; 9:59:01 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1622

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Published: February 13, 2016; 9:59:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.

Published: January 25, 2016; 6:59:10 AM -0500
V3.0: 7.6 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-2051

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: January 25, 2016; 6:59:09 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2016-1620

Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: January 25, 2016; 6:59:08 AM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-1619

Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

Published: January 25, 2016; 6:59:07 AM -0500
V3.0: 7.6 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1618

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

Published: January 25, 2016; 6:59:06 AM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1617

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.

Published: January 25, 2016; 6:59:05 AM -0500
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1616

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

Published: January 25, 2016; 6:59:04 AM -0500
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1615

The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.

Published: January 25, 2016; 6:59:03 AM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1614

The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Published: January 25, 2016; 6:59:02 AM -0500
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1613

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.

Published: January 25, 2016; 6:59:01 AM -0500
V3.0: 7.6 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1612

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.

Published: January 25, 2016; 6:59:00 AM -0500
V3.0: 7.6 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-8664

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.

Published: December 23, 2015; 10:59:01 PM -0500
V3.0: 8.8 HIGH
V2.0: 7.5 HIGH
CVE-2015-6792

The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.

Published: December 23, 2015; 10:59:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH