CVE-2016-5188
- EPSS 0.97%
- Veröffentlicht 18.12.2016 03:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
CVE-2016-5189
- EPSS 1.01%
- Veröffentlicht 18.12.2016 03:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pa...
CVE-2016-5190
- EPSS 0.91%
- Veröffentlicht 18.12.2016 03:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
CVE-2016-5191
- EPSS 1.77%
- Veröffentlicht 18.12.2016 03:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML p...
CVE-2016-5192
- EPSS 1.2%
- Veröffentlicht 18.12.2016 03:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
CVE-2016-5193
- EPSS 1.22%
- Veröffentlicht 18.12.2016 03:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
CVE-2005-4900
- EPSS 0.94%
- Veröffentlicht 14.10.2016 16:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this...
CVE-2016-5176
- EPSS 0.8%
- Veröffentlicht 29.09.2016 10:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
CVE-2016-7549
- EPSS 1.07%
- Veröffentlicht 25.09.2016 20:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or p...
CVE-2016-5175
- EPSS 1.04%
- Veröffentlicht 25.09.2016 20:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.