CVE-2016-5135
- EPSS 1.6%
- Veröffentlicht 23.07.2016 19:59:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the ...
CVE-2016-5134
- EPSS 1.52%
- Veröffentlicht 23.07.2016 19:59:17
- Zuletzt bearbeitet 06.05.2026 22:30:45
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating ...
CVE-2016-5133
- EPSS 0.97%
- Veröffentlicht 23.07.2016 19:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server ...
CVE-2016-5132
- EPSS 1.47%
- Veröffentlicht 23.07.2016 19:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via ...
CVE-2016-5131
- EPSS 2.27%
- Veröffentlicht 23.07.2016 19:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE-2016-5130
- EPSS 1.2%
- Veröffentlicht 23.07.2016 19:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
CVE-2016-5129
- EPSS 2.09%
- Veröffentlicht 23.07.2016 19:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via cr...
CVE-2016-5128
- EPSS 1.29%
- Veröffentlicht 23.07.2016 19:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a ...
CVE-2016-5127
- EPSS 1.31%
- Veröffentlicht 23.07.2016 19:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript ...
CVE-2016-1711
- EPSS 1.5%
- Veröffentlicht 23.07.2016 19:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy v...