CVE-2017-5006
- EPSS 1.23%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-5007
- EPSS 2.1%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a cr...
CVE-2017-5008
- EPSS 1.22%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitr...
CVE-2017-5009
- EPSS 1.42%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5010
- EPSS 1.2%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-5011
- EPSS 1.49%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
CVE-2017-5012
- EPSS 1.74%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5013
- EPSS 1.33%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-5014
- EPSS 1.36%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5015
- EPSS 1.34%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.