Google

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-5216 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
CVE-2016-5215 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2016-5214 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.
CVE-2016-5213 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-5212 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.
CVE-2016-5211 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2016-5210 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption vi...Show more Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.Show less
CVE-2016-5209 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted H...Show more Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2016-5208 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject ar...Show more Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.Show less
CVE-2016-5207 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacke...Show more In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.Show less
CVE-2016-5206 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafte...Show more The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.Show less
CVE-2016-5205 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2016-5204 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary s...Show more Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.Show less
CVE-2016-5203 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2016-5201 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a...Show more A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.Show less
CVE-2016-5200 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially ex...Show more V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2016-5199 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remo...Show more An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.Show less
CVE-2016-5198 2Google Redhat 4Chrome Enterprise Linux DesktopEnterprise Linux Server+1 more Apr 21, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary re...Show more V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.Show less
CVE-2016-5197 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the...Show more The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.Show less
CVE-2016-5196 1Google 1Chrome May 13, 2026 Jan 19, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and in...Show more The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.Show less

Previous 1...575576577...688 Next