| CVE-2016-5198 |
High |
Yes |
Arbitrary code execution |
An out of bounds memory access flaw was found in the V8 component of the Chromium browser. |
| CVE-2016-5192 |
Medium |
Yes |
Same-origin policy bypass |
A cross-origin bypass flaw was found in the Blink component of the Chromium browser. |
| CVE-2016-5188 |
Medium |
Yes |
Content spoofing |
An UI spoofing flaw was found in the Chromium browser. |
| CVE-2016-5187 |
High |
Yes |
Content spoofing |
An URL spoofing flaw was found in the Chromium browser. |
| CVE-2016-5186 |
Medium |
Yes |
Information disclosure |
An out of bounds read flaw was found in the DevTools component of the Chromium browser. |
| CVE-2016-5185 |
High |
Yes |
Arbitrary code execution |
An use after free flaw was found in the Blink component of the Chromium browser. |
| CVE-2016-5181 |
High |
Yes |
Cross-site scripting |
An universal XSS flaw was found in the Blink component of the Chromium browser. |
| CVE-2016-5172 |
Medium |
Yes |
Information disclosure |
The parser in Google V8 mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. |
| CVE-2016-5171 |
Critical |
Yes |
Arbitrary code execution |
WebKit/Source/bindings/templates/interface.cpp in Blink does not prevent certain constructor calls, which allows remote attackers to cause a denial of... |
| CVE-2016-5170 |
Critical |
Yes |
Arbitrary code execution |
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink does not properly consider getter side effects during array key conversion, which allows... |
| CVE-2016-5166 |
Medium |
Yes |
Information disclosure |
The download implementation in Chromium does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for... |
| CVE-2016-5161 |
Medium |
Yes |
Information disclosure |
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink mishandles custom properties, which allows remote attackers to... |
| CVE-2016-5155 |
High |
Yes |
Content spoofing |
Chromium does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. |
| CVE-2016-5153 |
Critical |
Yes |
Arbitrary code execution |
The Web Animations implementation in Blink improperly relies on list iteration, which allows remote attackers to cause a denial of service... |
| CVE-2016-5147 |
High |
Yes |
Cross-site scripting |
Blink, as used in Google Chrome, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web... |
| CVE-2016-5133 |
Medium |
Yes |
Content spoofing |
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a... |