Shodan
Vulnerabilities
Vulnerable Software
Google:  >> Chrome  >> 10.0.648.128  Security Vulnerabilities
CVE-2016-5217
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-01-19
CVE-2016-5218
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-01-19
CVE-2016-5219
A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.3
EPSS Score
0.005
Published
2017-01-19
CVE-2016-5220
PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-01-19
CVE-2016-5221
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.
CVSS Score
6.3
EPSS Score
0.003
Published
2017-01-19
CVE-2016-5222
Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-01-19
CVE-2016-5181
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-12-18
CVE-2016-5182
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
CVSS Score
8.8
EPSS Score
0.005
Published
2016-12-18
CVE-2016-5183
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
CVSS Score
8.8
EPSS Score
0.009
Published
2016-12-18
CVE-2016-5184
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.
CVSS Score
8.8
EPSS Score
0.005
Published
2016-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved