Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 298 | HIGH 2025 | MEDIUM 1626 | LOW 17 | UNKNOWN 42
Vulnerabilities
Page 129 of 201
CVE-2017-5065 | MEDIUM | CVSS 4.7 | CWE-20 | fixed in 58.0.3029.81 | 2017-10-27
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.
nvd
CVE-2017-5081 | LOW | CVSS 3.3 | CWE-20 | fixed in 59.0.3071.86 | fixed in 59.0.3071.92 | 2017-10-27
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
nvd
CVE-2015-1206 | MEDIUM | CVSS 5.5 | CWE-119 | ≤ 41.0.2251.0 | 2017-10-06
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
nvd
CVE-2015-1207 | MEDIUM | CVSS 6.5 | CWE-415 | v41.0.2251.0 | 2017-06-06
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
nvd
CVE-2016-5178 | CRITICAL | CVSS 9.8 | CWE-20 | ≤ 53.0.2785.129 | 2017-05-23
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-5177 | HIGH | CVSS 8.8 | CWE-416 | ≤ 53.0.2785.129 | 2017-05-23
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2017-5047 | HIGH | CVSS 8.8 | CWE-190 | ≤ 57.0.2987.75 | ≤ 57.0.2987.100 | 2017-04-25
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
nvd
CVE-2017-5049 | HIGH | CVSS 8.8 | CWE-190 | ≤ 57.0.2987.75 | ≤ 57.0.2987.100 | 2017-04-25
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
nvd
CVE-2017-5051 | HIGH | CVSS 8.8 | CWE-190 | ≤ 57.0.2987.75 | ≤ 57.0.2987.100 | 2017-04-25
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
nvd
CVE-2017-5048 | HIGH | CVSS 8.8 | CWE-190 | ≤ 57.0.2987.75 | ≤ 57.0.2987.100 | 2017-04-25
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
nvd
CVE-2017-5050 | HIGH | CVSS 8.8 | CWE-190 | ≤ 57.0.2987.75 | ≤ 57.0.2987.100 | 2017-04-25
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
nvd
CVE-2014-9654 | CRITICAL | CVSS 9.8 | ≤ 40.0.2214.85 | 2017-04-24
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other i
nvd
CVE-2017-5036 | HIGH | CVSS 7.8 | CWE-416 | ≤ 57.0.2987.75 | ≤ 57.0.2987.100 | 2017-04-24
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
nvd
CVE-2017-5034 | HIGH | CVSS 8.8 | CWE-416 | ≤ 57.0.2987.75 | 2017-04-24
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
nvd
CVE-2017-5032 | HIGH | CVSS 8.8 | CWE-787 | ≤ 57.0.2987.75 | 2017-04-24
PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2017-5030 | HIGH | CVSS 8.8 | KEV | CWE-125 | fixed in 57.0.2987.98 | fixed in 57.0.2987.108 | 2017-04-24
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
nvd
CVE-2017-5037 | HIGH | CVSS 7.8 | CWE-190 | ≤ 57.0.2987.75 | ≤ 57.0.2987.100 | 2017-04-24
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
nvd
CVE-2017-5031 | HIGH | CVSS 8.8 | CWE-416 | ≤ 57.0.2987.75 | 2017-04-24
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2017-5035 | HIGH | CVSS 8.1 | CWE-362 | ≤ 57.0.2987.75 | 2017-04-24
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.
nvd
CVE-2017-5043 | HIGH | CVSS 8.8 | CWE-416 | ≤ 57.0.2987.75 | 2017-04-24
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
nvd