Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42
Vulnerabilities
CVE-2016-5147 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 52.0.2743.116 | 2016-09-11
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
nvd
CVE-2016-5162 | MEDIUM | CVSS 6.5 | ≤ 52.0.2743.116 | 2016-09-11
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking
nvd
CVE-2016-5164 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 52.0.2743.116 | 2016-09-11
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universa
nvd
CVE-2016-5165 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 52.0.2743.116 | 2016-09-11
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
nvd
CVE-2016-5163 | MEDIUM | CVSS 4.3 | CWE-254 | ≤ 52.0.2743.116 | 2016-09-11
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chr
nvd
CVE-2016-5160 | MEDIUM | CVSS 6.5 | CWE-254 | ≤ 52.0.2743.116 | 2016-09-11
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clic
nvd
CVE-2016-5155 | MEDIUM | CVSS 6.5 | CWE-254 | ≤ 52.0.2743.116 | 2016-09-11
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
nvd
CVE-2016-5166 | LOW | CVSS 3.1 | CWE-200 | ≤ 52.0.2743.116 | 2016-09-11
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accesse
nvd
CVE-2016-5140 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 52.0.2743.82 | 2016-08-07
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.
nvd
CVE-2016-5146 | CRITICAL | CVSS 9.8 | ≤ 52.0.2743.82 | 2016-08-07
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-5143 | CRITICAL | CVSS 9.8 | CWE-264 | ≤ 52.0.2743.82 | 2016-08-07
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
nvd
CVE-2016-5144 | CRITICAL | CVSS 9.8 | ≤ 52.0.2743.82 | 2016-08-07
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
nvd
CVE-2016-5142 | CRITICAL | CVSS 9.8 | CWE-416 | ≤ 52.0.2743.82 | 2016-08-07
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp
nvd
CVE-2016-5141 | HIGH | CVSS 7.5 | CWE-20 | ≤ 52.0.2743.82 | 2016-08-07
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
nvd
CVE-2016-5145 | HIGH | CVSS 8.8 | CWE-254 | ≤ 52.0.2743.82 | 2016-08-07
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
nvd
CVE-2016-5139 | HIGH | CVSS 7.6 | CWE-119 | v52.0.2743.82 | 2016-08-07
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
nvd
CVE-2016-5138 | HIGH | CVSS 8.8 | CWE-190 | ≤ 52.0.2743.82 | 2016-08-01
Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication.
nvd
CVE-2016-1706 | CRITICAL | CVSS 9.6 | CWE-20 | ≤ 51.0.2704.106 | 2016-07-23
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_hos
nvd
CVE-2016-1708 | HIGH | CVSS 8.8 | CWE-416 | ≤ 51.0.2704.106 | 2016-07-23
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
nvd
CVE-2016-5132 | HIGH | CVSS 8.8 | CWE-254 | ≤ 51.0.2704.106 | 2016-07-23
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
nvd