CVE-2017-5026
- EPSS 1.43%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.
CVE-2017-5027
- EPSS 0.6%
- Veröffentlicht 17.02.2017 07:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted H...
CVE-2016-5223
- EPSS 1.04%
- Veröffentlicht 19.01.2017 05:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.
CVE-2016-5224
- EPSS 1.08%
- Veröffentlicht 19.01.2017 05:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted...
CVE-2016-5225
- EPSS 1.08%
- Veröffentlicht 19.01.2017 05:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
CVE-2016-5226
- EPSS 0.74%
- Veröffentlicht 19.01.2017 05:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascri...
CVE-2016-9650
- EPSS 1.08%
- Veröffentlicht 19.01.2017 05:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.
CVE-2016-5196
- EPSS 0.98%
- Veröffentlicht 19.01.2017 05:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including t...
CVE-2016-5197
- EPSS 0.96%
- Veröffentlicht 19.01.2017 05:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML pag...
CVE-2016-5198
- EPSS 34.7%
- Veröffentlicht 19.01.2017 05:59:00
- Zuletzt bearbeitet 21.04.2026 17:51:16
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading t...