Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42
Vulnerabilities
CVE-2016-1659 | CRITICAL | CVSS 9.8 | ≤ 49.0.2623.112 | 2016-04-18
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-1656 | HIGH | CVSS 7.5 | CWE-284 | ≤ 49.0.2623.112 | 2016-04-18
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
nvd
CVE-2016-1655 | HIGH | CVSS 8.8 | ≤ 49.0.2623.112 | 2016-04-18
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.
nvd
CVE-2016-1651 | HIGH | CVSS 8.1 | CWE-200 | ≤ 49.0.2623.112 | 2016-04-18
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
nvd
CVE-2016-1653 | HIGH | CVSS 8.8 | CWE-119 | ≤ 49.0.2623.112 | 2016-04-18
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.
nvd
CVE-2016-1652 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 49.0.2623.112 | 2016-04-18
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
nvd
CVE-2016-1654 | MEDIUM | CVSS 6.5 | CWE-20 | ≤ 49.0.2623.112 | 2016-04-18
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
nvd
CVE-2016-1658 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 49.0.2623.112 | 2016-04-18
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
nvd
CVE-2016-1657 | MEDIUM | CVSS 4.3 | CWE-254 | ≤ 49.0.2623.112 | 2016-04-18
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
nvd
CVE-2016-1646 | HIGH | CVSS 8.8 | KEV | CWE-125 | fixed in 49.0.2623.108 | 2016-03-29
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
nvd
CVE-2016-3679 | HIGH | CVSS 8.8 | ≤ 49.0.2623.95 | 2016-03-29
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-1650 | HIGH | CVSS 8.8 | ≤ 49.0.2623.95 | 2016-03-29
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
nvd
CVE-2016-1649 | HIGH | CVSS 8.8 | CWE-119 | ≤ 49.0.2623.95 | 2016-03-29
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
nvd
CVE-2016-1647 | HIGH | CVSS 8.8 | ≤ 49.0.2623.95 | 2016-03-29
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2016-1648 | HIGH | CVSS 8.8 | ≤ 49.0.2623.95 | 2016-03-29
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
nvd
CVE-2016-1643 | HIGH | CVSS 8.8 | CWE-361 | ≤ 49.0.2623.75 | 2016-03-13
The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
nvd
CVE-2016-1645 | HIGH | CVSS 8.8 | CWE-119 | ≤ 49.0.2623.75 | 2016-03-13
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data.
nvd
CVE-2016-1644 | HIGH | CVSS 8.8 | ≤ 49.0.2623.75 | 2016-03-13
WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.
nvd
CVE-2016-1642 | CRITICAL | CVSS 9.8 | ≤ 48.0.2564.116 | 2016-03-06
Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2016-1635 | CRITICAL | CVSS 9.8 | ≤ 48.0.2564.116 | 2016-03-06
extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
nvd