Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3678 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1688 | 6 Canonical, Debian, Google and 3 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2025-04-12 | N/A |
| The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. | ||||
| CVE-2014-3196 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. | ||||
| CVE-2016-1687 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. | ||||
| CVE-2016-7395 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data. | ||||
| CVE-2016-1710 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2016-2843 | 2 Google, Redhat | 3 Chrome, V8, Rhel Extras | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2016-1686 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. | ||||
| CVE-2016-1685 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2025-04-12 | N/A |
| core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. | ||||
| CVE-2016-1704 | 5 Canonical, Google, Novell and 2 more | 9 Ubuntu Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 6 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2014-3155 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. | ||||
| CVE-2016-1650 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Opensuse and 1 more | 2025-04-12 | N/A |
| The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document. | ||||
| CVE-2016-2845 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. | ||||
| CVE-2016-1656 | 4 Google, Opensuse, Redhat and 1 more | 5 Android, Chrome, Leap and 2 more | 2025-04-12 | N/A |
| The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | ||||
| CVE-2016-1636 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource. | ||||
| CVE-2016-2844 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| CVE-2016-1637 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site. | ||||
| CVE-2016-1705 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2016-1630 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2016-1629 | 5 Debian, Google, Novell and 2 more | 6 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 3 more | 2025-04-12 | N/A |
| Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | ||||
| CVE-2016-1634 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action. | ||||