Google Chrome vulnerabilities

CVE-2016-1626 [MEDIUM] CWE-119 CVE-2016-1626: The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

CVE-2016-1625 [MEDIUM] CWE-264 CVE-2016-1625: The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.

CVE-2016-2051 [CRITICAL] CVE-2016-2051: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2016-1620 [HIGH] CVE-2016-1620: Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2016-2052 [HIGH] CVE-2016-2052: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0. Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.

CVE-2016-1619 [HIGH] CWE-119 CVE-2016-1619: Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/cod Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

CVE-2016-1613 [HIGH] CVE-2016-1613: Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Googl Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.

CVE-2016-1612 [HIGH] CWE-20 CVE-2016-1612: The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.256 The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.

CVE-2016-1616 [MEDIUM] CWE-254 CVE-2016-1616: The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

CVE-2016-1617 [MEDIUM] CWE-200 CVE-2016-1617: The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content S The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific

CVE-2016-1615 [MEDIUM] CWE-254 CVE-2016-1615: The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a d The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.

CVE-2016-1618 [MEDIUM] CWE-200 CVE-2016-1618: Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographically Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVE-2016-1614 [MEDIUM] CWE-200 CVE-2016-1614: The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBuffe The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVE-2015-6792 [CRITICAL] CVE-2015-6792: The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of dat The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.

CVE-2015-8664 [HIGH] CVE-2015-8664: Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Go Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.

CVE-2015-6791 [CRITICAL] CVE-2015-6791: Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-6789 [CRITICAL] CWE-362 CVE-2015-6789: Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0 Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.

CVE-2015-6788 [CRITICAL] CVE-2015-6788: The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the ex The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

CVE-2015-8548 [CRITICAL] CVE-2015-8548: Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478.

CVE-2015-6790 [MEDIUM] CWE-20 CVE-2015-6790: The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp i The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-