Search Results (15475 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1645 4 Debian, Google, Opensuse and 1 more 6 Debian Linux, Chrome, Leap and 3 more 2025-04-12 8.8 High
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2016-1647 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Chrome and 2 more 2025-04-12 N/A
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2016-1649 5 Canonical, Debian, Google and 2 more 5 Ubuntu Linux, Debian Linux, Chrome and 2 more 2025-04-12 N/A
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
CVE-2016-1650 4 Debian, Google, Opensuse and 1 more 4 Debian Linux, Chrome, Opensuse and 1 more 2025-04-12 N/A
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
CVE-2016-1652 5 Debian, Google, Opensuse and 2 more 5 Debian Linux, Chrome, Leap and 2 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
CVE-2016-1654 6 Canonical, Debian, Google and 3 more 6 Ubuntu Linux, Debian Linux, Chrome and 3 more 2025-04-12 N/A
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
CVE-2016-1655 6 Canonical, Debian, Google and 3 more 6 Ubuntu Linux, Debian Linux, Chrome and 3 more 2025-04-12 N/A
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.
CVE-2016-1656 4 Google, Opensuse, Redhat and 1 more 5 Android, Chrome, Leap and 2 more 2025-04-12 N/A
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
CVE-2016-1657 5 Debian, Google, Novell and 2 more 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more 2025-04-12 N/A
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
CVE-2016-1659 6 Canonical, Debian, Google and 3 more 6 Ubuntu Linux, Debian Linux, Chrome and 3 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1660 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
CVE-2016-1661 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
CVE-2016-1662 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
CVE-2016-1663 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
CVE-2016-1664 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
CVE-2016-1665 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
CVE-2016-1666 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-1667 4 Debian, Google, Opensuse and 1 more 4 Debian Linux, Chrome, Opensuse and 1 more 2025-04-12 N/A
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2016-1670 4 Debian, Google, Opensuse and 1 more 4 Debian Linux, Chrome, Opensuse and 1 more 2025-04-12 N/A
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
CVE-2016-1671 1 Google 2 Android, Chrome 2025-04-12 N/A
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.