Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs: 4,008
CISA KEV: 74 actively exploited
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42
Vulnerabilities
CVE-2016-1705 [HIGH] | CVSS 8.8 | ≤ 51.0.2704.106 | 2016-07-23
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-5131 [HIGH] CWE-416 | CVSS 8.8 | fixed in 52.0.2743.82 | 2016-07-23
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
nvd
CVE-2016-1709 [HIGH] CWE-119 | CVSS 8.8 | ≤ 51.0.2704.106 | 2016-07-23
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.
nvd
CVE-2016-5127 [HIGH] CWE-416 | CVSS 7.5 | ≤ 51.0.2704.106 | 2016-07-23
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a
nvd
CVE-2016-5136 [HIGH] CWE-416 | CVSS 8.8 | ≤ 51.0.2704.106 | 2016-07-23
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
nvd
CVE-2016-5129 [HIGH] CWE-119 | CVSS 8.8 | v51.0.2704.106 | 2016-07-23
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
nvd
CVE-2016-1710 [HIGH] CWE-285 | CVSS 8.8 | ≤ 51.0.2704.106 | 2016-07-23
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2016-5134 [HIGH] | CVSS 8.8 | ≤ 51.0.2704.106 | 2016-07-23
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
nvd
CVE-2016-5128 [HIGH] CWE-254 | CVSS 8.8 | ≤ 51.0.2704.106 | 2016-07-23
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2016-1711 [HIGH] CWE-285 | CVSS 8.8 | ≤ 51.0.2704.106 | 2016-07-23
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2016-5135 [MEDIUM] CWE-20 | CVSS 6.5 | ≤ 51.0.2704.106 | 2016-07-23
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content
nvd
CVE-2016-1707 [MEDIUM] CWE-20 | CVSS 6.5 | ≤ 51.0.2704.106 | 2016-07-23
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.
nvd
CVE-2016-5130 [MEDIUM] CWE-284 | CVSS 6.5 | ≤ 51.0.2704.106 | 2016-07-23
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
nvd
CVE-2016-5133 [MEDIUM] CWE-287 | CVSS 5.3 | ≤ 51.0.2704.106 | 2016-07-23
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
nvd
CVE-2016-5137 [MEDIUM] | CVSS 4.3 | ≤ 51.0.2704.106 | 2016-07-23
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether
nvd
CVE-2016-1704 [HIGH] | CVSS 8.8 | ≤ 51.0.2704.84 | 2016-07-03
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-1672 [HIGH] CWE-254 | CVSS 8.8 | ≤ 50.0.2661.102 | 2016-06-05
The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.
nvd
CVE-2016-1690 [HIGH] | CVSS 7.5 | ≤ 50.0.2661.102 | 2016-06-05
The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701.
nvd
CVE-2016-1697 [HIGH] CWE-284 | CVSS 8.8 | ≤ 51.0.2704.63 | 2016-06-05
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
nvd
CVE-2016-1674 [HIGH] | CVSS 8.8 | ≤ 50.0.2661.102 | 2016-06-05
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
nvd