Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5186 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 5.3 MEDIUM
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
CVE-2016-5185 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
CVE-2016-5184 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.
CVE-2016-5183 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
CVE-2016-5182 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
CVE-2016-5181 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.
CVE-2016-5179 1 Google 1 Chrome Os 2026-06-17 10.0 HIGH 9.8 CRITICAL
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
CVE-2016-5178 5 Debian, Fedoraproject, Google and 2 more 7 Debian Linux, Fedora, Chrome and 4 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-5177 5 Debian, Fedoraproject, Google and 2 more 7 Debian Linux, Fedora, Chrome and 4 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-5176 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
CVE-2016-5175 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-5174 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
CVE-2016-5173 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 7.1 HIGH
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
CVE-2016-5172 3 Debian, Google, Nodejs 3 Debian Linux, Chrome, Node.js 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
CVE-2016-5171 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2016-5170 1 Google 1 Chrome 2026-06-17 6.8 MEDIUM 8.8 HIGH
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
CVE-2016-5169 1 Google 1 Chrome Os 2026-06-17 6.8 MEDIUM 8.8 HIGH
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2016-5168 1 Google 1 Chrome 2026-06-17 5.0 MEDIUM 7.5 HIGH
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
CVE-2016-5167 2 Google, Opensuse 2 Chrome, Leap 2026-06-17 7.5 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-5166 2 Google, Opensuse 2 Chrome, Leap 2026-06-17 2.6 LOW 3.1 LOW
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.