CVE-2016-5145
- EPSS 1.35%
- Veröffentlicht 07.08.2016 19:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Or...
CVE-2016-5144
- EPSS 1.7%
- Veröffentlicht 07.08.2016 19:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access ...
CVE-2016-5143
- EPSS 1.76%
- Veröffentlicht 07.08.2016 19:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access ...
CVE-2016-5142
- EPSS 1.66%
- Veröffentlicht 07.08.2016 19:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspeci...
CVE-2016-5141
- EPSS 1.48%
- Veröffentlicht 07.08.2016 19:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
CVE-2016-5140
- EPSS 1.85%
- Veröffentlicht 07.08.2016 19:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafte...
CVE-2016-5139
- EPSS 1.28%
- Veröffentlicht 07.08.2016 19:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified ...
CVE-2016-5138
- EPSS 1.17%
- Veröffentlicht 01.08.2016 02:59:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unr...
CVE-2016-5137
- EPSS 1.28%
- Veröffentlicht 23.07.2016 19:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and do...
CVE-2016-5136
- EPSS 1.38%
- Veröffentlicht 23.07.2016 19:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors re...