FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0e425bb7-64f2-11e5-b2fd-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

Two vulnerabilities were fixed in this release:

  • [530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.

Discovery 2015-09-24
Entry 2015-09-27
chromium
< 45.0.2454.101

chromium-npapi
< 45.0.2454.101

chromium-pulse
< 45.0.2454.101

CVE-2015-1303
CVE-2015-1304
http://googlechromereleases.blogspot.nl/2015/09/stable-channel-update_24.html
1a6bbb95-24b8-11e6-bd31-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

42 security fixes in this release

Please reference CVE/URL list for details


Discovery 2016-05-25
Entry 2016-05-28
Modified 2016-06-20
chromium
chromium-npapi
chromium-pulse
< 51.0.2704.63

CVE-2016-1672
CVE-2016-1673
CVE-2016-1674
CVE-2016-1675
CVE-2016-1672
CVE-2016-1677
CVE-2016-1678
CVE-2016-1679
CVE-2016-1680
CVE-2016-1681
CVE-2016-1682
CVE-2016-1685
CVE-2016-1686
CVE-2016-1687
CVE-2016-1688
CVE-2016-1689
CVE-2016-1690
CVE-2016-1691
CVE-2016-1692
CVE-2016-1693
CVE-2016-1694
CVE-2016-1695
http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update_25.html
1bcfd963-e483-41b8-ab8e-bad5c3ce49c9brotli -- buffer overflow

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.


Discovery 2016-02-08
Entry 2016-03-08
Modified 2016-03-08
brotli
ge 0.3.0 lt 0.3.0_1

< 0.2.0_2

libbrotli
< 0.3.0_3

chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109

firefox
linux-firefox
< 45.0,1

seamonkey
linux-seamonkey
< 2.42

firefox-esr
< 38.7.0,1

libxul
thunderbird
linux-thunderbird
< 38.7.0

CVE-2016-1624
CVE-2016-1968
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
https://www.mozilla.org/security/advisories/mfsa2016-30/
https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
210f80b9-ede4-11e4-81c4-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

5 security fixes in this release, including:

  • [453279] High CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei.
  • [481777] CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2015-04-28
Entry 2015-04-28
chromium
< 42.0.2311.135

chromium-npapi
< 42.0.2311.135

chromium-pulse
< 42.0.2311.135

CVE-2015-1243
CVE-2015-1250
http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_28.html
36034227-cf81-11e5-9c2b-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

6 security fixes in this release, including:

  • [546677] High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
  • [577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
  • [571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
  • [585517] CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-02-08
Entry 2016-02-09
Modified 2016-03-08
chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109

CVE-2016-1622
CVE-2016-1623
CVE-2016-1625
CVE-2016-1626
CVE-2016-1627
http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html
368993bb-d685-11e5-8858-00262d5ed8eechromium -- same origin bypass

Google Chrome Releases reports:

[583431] Critical CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. Credit to anonymous.


Discovery 2016-02-18
Entry 2016-02-18
chromium
chromium-npapi
chromium-pulse
< 48.0.2564.116

CVE-2016-1629
http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_18.html
371bbea9-3836-4832-9e70-e8e928727f8cchromium -- multiple vulnerabilities

Google Chrome Releases reports:

This update includes 37 security fixes, including:

  • [497632] High CVE-2016-1612: Bad cast in V8.
  • [572871] High CVE-2016-1613: Use-after-free in PDFium.
  • [544691] Medium CVE-2016-1614: Information leak in Blink.
  • [468179] Medium CVE-2016-1615: Origin confusion in Omnibox.
  • [541415] Medium CVE-2016-1616: URL Spoofing.
  • [544765] Medium CVE-2016-1617: History sniffing with HSTS and CSP.
  • [552749] Medium CVE-2016-1618: Weak random number generator in Blink.
  • [557223] Medium CVE-2016-1619: Out-of-bounds read in PDFium.
  • [579625] CVE-2016-1620: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch.

Discovery 2016-01-20
Entry 2016-01-21
chromium
chromium-npapi
chromium-pulse
< 48.0.2564.82

CVE-2016-1612
CVE-2016-1613
CVE-2016-1614
CVE-2016-1615
CVE-2016-1616
CVE-2016-1617
CVE-2016-1618
CVE-2016-1619
CVE-2016-1620
http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html
4b9ca994-e3d9-11e6-813d-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome Releases reports:

51 security fixes in this release

Please reference CVE/URL list for details


Discovery 2017-01-25
Entry 2017-01-26
chromium
chromium-npapi
chromium-pulse
< 56.0.2924.76

CVE-2017-5007
CVE-2017-5006
CVE-2017-5008
CVE-2017-5010
CVE-2017-5011
CVE-2017-5009
CVE-2017-5012
CVE-2017-5013
CVE-2017-5014
CVE-2017-5015
CVE-2017-5019
CVE-2017-5016
CVE-2017-5017
CVE-2017-5018
CVE-2017-2020
CVE-2017-2021
CVE-2017-2022
CVE-2017-2023
CVE-2017-2024
CVE-2017-2025
CVE-2017-2026
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
4dfafa16-24ba-11e6-bd31-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

5 security fixes in this release, including:

  • [605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
  • [605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
  • [606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
  • [578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
  • [586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

Discovery 2016-05-11
Entry 2016-05-28
chromium
chromium-npapi
chromium-pulse
< 50.0.2661.102

CVE-2016-1667
CVE-2016-1668
CVE-2016-1669
CVE-2016-1670
CVE-2016-1671
http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update.html
52f4b48b-4ac3-11e7-99aa-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome releases reports:

30 security fixes in this release

Please reference CVE/URL list for details


Discovery 2017-06-05
Entry 2017-06-06
chromium
chromium-pulse
< 59.0.3071.86

CVE-2017-5070
CVE-2017-5071
CVE-2017-5072
CVE-2017-5073
CVE-2017-5074
CVE-2017-5075
CVE-2017-5086
CVE-2017-5076
CVE-2017-5077
CVE-2017-5078
CVE-2017-5079
CVE-2017-5080
CVE-2017-5081
CVE-2017-5082
CVE-2017-5083
CVE-2017-5085
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
548f74bd-993c-11e5-956b-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

41 security fixes in this release, including:

  • [558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.
  • [551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous.
  • [554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous.
  • [556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski.
  • [541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [544991] High CVE-2015-6771: Out of bounds access in v8. Credit to anonymous.
  • [546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [554946] High CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.
  • [491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer.
  • [549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous.
  • [529012] High CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.
  • [457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck.
  • [544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.
  • [514891] Medium CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski.
  • [528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich.
  • [490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani.
  • [497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz.
  • [536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera.
  • [537205] Medium CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski.
  • [503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire.
  • [534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.
  • [534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.
  • [563930] CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).

Discovery 2015-12-01
Entry 2015-12-02
chromium
chromium-npapi
chromium-pulse
< 47.0.2526.73

CVE-2015-6765
CVE-2015-6766
CVE-2015-6767
CVE-2015-6768
CVE-2015-6769
CVE-2015-6770
CVE-2015-6771
CVE-2015-6772
CVE-2015-6773
CVE-2015-6774
CVE-2015-6775
CVE-2015-6776
CVE-2015-6777
CVE-2015-6778
CVE-2015-6779
CVE-2015-6780
CVE-2015-6781
CVE-2015-6782
CVE-2015-6783
CVE-2015-6784
CVE-2015-6785
CVE-2015-6786
CVE-2015-6787
http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update.html
5c288f68-c7ca-4c0d-b7dc-1ec6295200b3chromium -- multiple vulnerabilities

Google Chrome Releases reports:

[589838] High CVE-2016-1643: Type confusion in Blink.

[590620] High CVE-2016-1644: Use-after-free in Blink.

[587227] High CVE-2016-1645: Out-of-bounds write in PDFium.


Discovery 2016-03-08
Entry 2016-03-29
chromium
chromium-npapi
chromium-pulse
< 49.0.2623.87

CVE-2016-1643
CVE-2016-1644
CVE-2016-1645
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html
603fe0a1-bb26-11e6-8e5a-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

36 security fixes in this release

Please reference CVE/URL list for details


Discovery 2016-12-01
Entry 2016-12-05
chromium
chromium-npapi
chromium-pulse
< 55.0.2883.75

CVE-2016-9651
CVE-2016-5208
CVE-2016-5207
CVE-2016-5206
CVE-2016-5205
CVE-2016-5204
CVE-2016-5209
CVE-2016-5203
CVE-2016-5210
CVE-2016-5212
CVE-2016-5211
CVE-2016-5213
CVE-2016-5214
CVE-2016-5216
CVE-2016-5215
CVE-2016-5217
CVE-2016-5218
CVE-2016-5219
CVE-2016-5221
CVE-2016-5220
CVE-2016-5222
CVE-2016-9650
CVE-2016-5223
CVE-2016-5226
CVE-2016-5225
CVE-2016-5224
CVE-2016-9652
https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html
653a8059-7c49-11e6-9242-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

Several security fixes in this release, including:

  • [641101] High CVE-2016-5170: Use after free in Blink.Credit to Anonymous
  • [643357] High CVE-2016-5171: Use after free in Blink. Credit to Anonymous
  • [616386] Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han
  • [468931] Medium CVE-2016-5173: Extension resource access. Credit to Anonymous
  • [579934] Medium CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev (@L1kvID) Yandex Security Team
  • [646394] CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-09-13
Entry 2016-09-16
chromium
chromium-npapi
chromium-pulse
< 53.0.2785.113

CVE-2016-5170
CVE-2016-5171
CVE-2016-5172
CVE-2016-5173
CVE-2016-5174
CVE-2016-5175
https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_13.html
6d8505f0-0614-11e6-b39c-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

20 security fixes in this release, including:

  • [590275] High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.
  • [589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.
  • [591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative.
  • [589512] Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
  • [582008] Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.
  • [570750] Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.
  • [567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.
  • [573317] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.
  • [602697] CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-04-13
Entry 2016-04-19
chromium
chromium-npapi
chromium-pulse
< 50.0.2661.75

CVE-2016-1651
CVE-2016-1652
CVE-2016-1653
CVE-2016-1654
CVE-2016-1655
CVE-2016-1656
CVE-2016-1657
CVE-2016-1658
CVE-2016-1659
http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html
6fae9fe1-5048-11e6-8aa7-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

48 security fixes in this release, including:

  • [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab
  • [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
  • [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
  • [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
  • [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
  • [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
  • [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
  • [620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
  • [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
  • [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
  • [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
  • [613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
  • [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone
  • [605451] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy
  • [625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
  • [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu
  • [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-07-20
Entry 2016-07-22
chromium
chromium-npapi
chromium-pulse
< 52.0.2743.82

CVE-2016-1705
CVE-2016-1706
CVE-2016-1708
CVE-2016-1709
CVE-2016-1710
CVE-2016-1711
CVE-2016-5127
CVE-2016-5128
CVE-2016-5129
CVE-2016-5130
CVE-2016-5131
CVE-2016-5132
CVE-2016-5133
CVE-2016-5134
CVE-2016-5135
CVE-2016-5136
CVE-2016-5137
https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html
72c145df-a1e0-11e5-8ad0-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

7 security fixes in this release, including:

  • [548273] High CVE-2015-6788: Type confusion in extensions. Credit to anonymous.
  • [557981] High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer.
  • [542054] Medium CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De Ceukelaire.
  • [567513] CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).

Discovery 2015-12-08
Entry 2015-12-13
chromium
chromium-npapi
chromium-pulse
< 47.0.2526.80

CVE-2015-6788
CVE-2015-6789
CVE-2015-6790
CVE-2015-6791
http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_8.html
769ba449-79e1-11e6-bf75-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

33 security fixes in this release

Please reference CVE/URL list for details


Discovery 2016-08-31
Entry 2016-09-13
chromium
chromium-npapi
chromium-pulse
< 53.0.2785.92

CVE-2016-5147
CVE-2016-5148
CVE-2016-5149
CVE-2016-5150
CVE-2016-5151
CVE-2016-5152
CVE-2016-5153
CVE-2016-5154
CVE-2016-5155
CVE-2016-5156
CVE-2016-5157
CVE-2016-5158
CVE-2016-5159
CVE-2016-5160
CVE-2016-5161
CVE-2016-5162
CVE-2016-5163
CVE-2016-5164
CVE-2016-5165
CVE-2016-5166
CVE-2016-5167
https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html
7cf058d8-158d-11e7-ba2c-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome Releases reports:

5 security fixes in this release, including:

  • [698622] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
  • [699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
  • [662767] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
  • [705445] High CVE-2017-5056: Use after free in Blink. Credit to anonymous
  • [702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)

Discovery 2017-03-29
Entry 2017-03-30
chromium
chromium-npapi
chromium-pulse
< 57.0.2987.133

CVE-2017-5055
CVE-2017-5054
CVE-2017-5052
CVE-2017-5056
CVE-2017-5053
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
7d138476-7710-11e7-88a1-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome releases reports:

40 security fixes in this release

Please reference CVE/URL list for details


Discovery 2017-07-25
Entry 2017-08-01
chromium
chromium-pulse
< 60.0.3112.78

CVE-2017-5091
CVE-2017-5092
CVE-2017-5093
CVE-2017-5094
CVE-2017-5095
CVE-2017-5096
CVE-2017-5097
CVE-2017-5098
CVE-2017-5099
CVE-2017-5100
CVE-2017-5101
CVE-2017-5102
CVE-2017-5103
CVE-2017-5104
CVE-2017-7000
CVE-2017-5105
CVE-2017-5106
CVE-2017-5107
CVE-2017-5108
CVE-2017-5109
CVE-2017-5110
https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
7da1da96-24bb-11e6-bd31-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

9 security fixes in this release, including:

  • [574802] High CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG.
  • [601629] High CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar.
  • [603732] High CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu.
  • [603987] High CVE-2016-1663: Use-after-free in Blink's V8 bindings. Credit to anonymous.
  • [597322] Medium CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar.
  • [606181] Medium CVE-2016-1665: Information leak in V8. Credit to HyungSeok Han.
  • [607652] CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-04-28
Entry 2016-05-28
chromium
chromium-npapi
chromium-pulse
< 50.0.2661.94

CVE-2016-1660
CVE-2016-1661
CVE-2016-1662
CVE-2016-1663
CVE-2016-1664
CVE-2016-1665
CVE-2016-1666
http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_28.html
8301c04d-71df-11e5-9fcb-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

24 security fixes in this release, including:

  • [519558] High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [507316] High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous.
  • [529520] High CVE-2015-6757: Use-after-free in ServiceWorker. Credit to Collin Payne.
  • [522131] High CVE-2015-6758: Bad-cast in PDFium. Credit to Atte Kettunen of OUSPG.
  • [514076] Medium CVE-2015-6759: Information leakage in LocalStorage. Credit to Muneaki Nishimura (nishimunea).
  • [519642] Medium CVE-2015-6760: Improper error handling in libANGLE. Credit to lastland.net.
  • [447860,532967] Medium CVE-2015-6761: Memory corruption in FFMpeg. Credit to Aki Helin of OUSPG and anonymous.
  • [512678] Low CVE-2015-6762: CORS bypass via CSS fonts. Credit to Muneaki Nishimura (nishimunea).
  • [542517] CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Discovery 2015-10-13
Entry 2015-10-13
chromium
chromium-npapi
chromium-pulse
< 46.0.2490.71

CVE-2015-6755
CVE-2015-6756
CVE-2015-6757
CVE-2015-6758
CVE-2015-6759
CVE-2015-6760
CVE-2015-6761
CVE-2015-6762
CVE-2015-6763
http://googlechromereleases.blogspot.nl/2015/10/stable-channel-update.html
8505e013-c2b3-11e4-875d-000c6e25e3e9chromium -- multiple vulnerabilities

Chrome Releases reports:

51 security fixes in this release, including:

  • [456516] High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous.
  • [448423] High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
  • [445810] High CVE-2015-1214: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
  • [445809] High CVE-2015-1215: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
  • [454954] High CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous.
  • [456192] High CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous.
  • [456059] High CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer.
  • [446164] High CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.
  • [437651] High CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin of OUSPG.
  • [455368] High CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne.
  • [448082] High CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne.
  • [454231] High CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl.
  • High CVE-2015-1230: Type confusion in v8. Credit to Skylined working with HP's Zero Day Initiative.
  • [449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin of OUSPG.
  • [446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer.
  • [456841] Medium CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu.
  • [450389] Medium CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl.
  • [444707] Medium CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz.
  • [431504] Medium CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy.
  • [463349] CVE-2015-1231: Various fixes from internal audits, fuzzing, and other initiatives.

Discovery 2015-03-03
Entry 2015-03-04
chromium
< 41.0.2272.76

chromium-npapi
< 41.0.2272.76

chromium-pulse
< 41.0.2272.76

CVE-2015-1212
CVE-2015-1213
CVE-2015-1214
CVE-2015-1215
CVE-2015-1216
CVE-2015-1217
CVE-2015-1218
CVE-2015-1219
CVE-2015-1220
CVE-2015-1221
CVE-2015-1222
CVE-2015-1223
CVE-2015-1224
CVE-2015-1225
CVE-2015-1226
CVE-2015-1227
CVE-2015-1228
CVE-2015-1229
CVE-2015-1230
CVE-2015-1231
http://googlechromereleases.blogspot.nl
8be8ca39-ae70-4422-bf1a-d8fae6911c5echromium -- multiple vulnerabilities

Google Chrome Releases reports:

[594574] High CVE-2016-1646: Out-of-bounds read in V8.

[590284] High CVE-2016-1647: Use-after-free in Navigation.

[590455] High CVE-2016-1648: Use-after-free in Extensions.

[597518] CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives.

Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch


Discovery 2016-03-24
Entry 2016-03-29
chromium
chromium-npapi
chromium-pulse
< 49.0.2623.108

CVE-2016-1646
CVE-2016-1647
CVE-2016-1648
CVE-2016-1649
CVE-2016-1650
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html
9118961b-9fa5-11e6-a265-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

21 security fixes in this release, including:

  • [645211] High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
  • [638615] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN
  • [645122] High CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
  • [630654] High CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
  • [621360] High CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
  • [639702] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera
  • [565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera
  • [633885] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com
  • [646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of Tencent's Xuanwu Lab
  • [644963] Medium CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi (@qab)
  • [639126] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
  • [642067] Medium CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen of OUSPG
  • [639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU (martinzhou96)
  • [654782] CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives

Discovery 2016-10-12
Entry 2016-10-31
chromium
chromium-npapi
chromium-pulse
< 54.0.2840.59

CVE-2016-5181
CVE-2016-5182
CVE-2016-5183
CVE-2016-5184
CVE-2016-5185
CVE-2016-5186
CVE-2016-5187
CVE-2016-5188
CVE-2016-5189
CVE-2016-5190
CVE-2016-5191
CVE-2016-5192
CVE-2016-5193
CVE-2016-5194
https://googlechromereleases.blogspot.nl/2016/10/stable-channel-update-for-desktop.html
958b9cee-79da-11e6-bf75-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

10 security fixes in this release, including:

  • [629542] High CVE-2016-5141 Address bar spoofing. Credit to anonymous
  • [626948] High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous
  • [625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealien
  • [619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu of Tencent's Xuanwu LAB
  • [623406] Medium CVE-2016-5145 Same origin bypass for images in Blink. Credit to anonymous
  • [619414] Medium CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
  • [618333] Medium CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
  • [633486] CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-08-03
Entry 2016-09-13
chromium
chromium-npapi
chromium-pulse
< 52.0.2743.116

CVE-2016-5139
CVE-2016-5140
CVE-2016-5141
CVE-2016-5142
CVE-2016-5143
CVE-2016-5144
CVE-2016-5145
CVE-2016-5146
https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html
95a74a48-2691-11e7-9e2d-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome Releases reports:

29 security fixes in this release, including:

  • [695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
  • [694382] High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
  • [684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative
  • [683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
  • [672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
  • [702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
  • [700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
  • [693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
  • [704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
  • [690821] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)
  • [648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
  • [691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
  • [713205] Various fixes from internal audits, fuzzing and other initiatives

Discovery 2017-04-19
Entry 2017-04-21
chromium
chromium-pulse
< 58.0.3029.81

CVE-2017-5057
CVE-2017-5058
CVE-2017-5059
CVE-2017-5060
CVE-2017-5061
CVE-2017-5062
CVE-2017-5063
CVE-2017-5064
CVE-2017-5065
CVE-2017-5066
CVE-2017-5067
CVE-2017-5069
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
9c135c7e-9fa4-11e6-a265-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

3 security fixes in this release, including:

  • [642496] High CVE-2016-5177: Use after free in V8. Credit to Anonymous
  • [651092] CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-09-29
Entry 2016-10-31
chromium
chromium-npapi
chromium-pulse
< 53.0.2785.143

CVE-2016-5177
CVE-2016-5178
https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_29.html
9d732078-32c7-11e5-b263-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

43 security fixes in this release, including:

  • [446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
  • [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
  • [461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi.
  • [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.
  • [472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
  • [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
  • [486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
  • [487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
  • [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
  • [492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
  • [493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
  • [504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.
  • [505374] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team.
  • [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
  • [444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
  • [451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.
  • [479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
  • [482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
  • [498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
  • [479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.
  • [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2015-07-21
Entry 2015-07-25
chromium
< 44.0.2403.89

chromium-npapi
< 44.0.2403.89

chromium-pulse
< 44.0.2403.89

CVE-2015-1270
CVE-2015-1271
CVE-2015-1272
CVE-2015-1273
CVE-2015-1274
CVE-2015-1275
CVE-2015-1276
CVE-2015-1277
CVE-2015-1278
CVE-2015-1279
CVE-2015-1280
CVE-2015-1281
CVE-2015-1282
CVE-2015-1283
CVE-2015-1284
CVE-2015-1285
CVE-2015-1286
CVE-2015-1287
CVE-2015-1288
CVE-2015-1289
CVE-2015-1290
http://googlechromereleases.blogspot.nl/
a3473f5a-a739-11e6-afaa-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome Releases reports:

4 security fixes in this release, including:

  • [643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta
  • [658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
  • [660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Rob Wu
  • [662843] CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives

Discovery 2016-11-09
Entry 2016-11-10
chromium
chromium-npapi
chromium-pulse
< 54.0.2840.100

CVE-2016-5199
CVE-2016-5200
CVE-2016-5201
CVE-2016-5202
https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html
a505d397-0758-11e7-8d8b-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome Releases reports:

36 security fixes in this release

Please reference CVE/URL list for details


Discovery 2017-03-09
Entry 2017-03-12
chromium
chromium-npapi
chromium-pulse
< 57.0.2987.98

CVE-2017-5030
CVE-2017-5031
CVE-2017-5032
CVE-2017-5029
CVE-2017-5034
CVE-2017-5035
CVE-2017-5036
CVE-2017-5037
CVE-2017-5039
CVE-2017-5040
CVE-2017-5041
CVE-2017-5033
CVE-2017-5042
CVE-2017-5038
CVE-2017-5043
CVE-2017-5044
CVE-2017-5045
CVE-2017-5046
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
a6eb239f-adbe-11e4-9fce-080027593b9achromium -- multiple vulnerabilities

Chrome Releases reports:

11 security fixes in this release, including:

  • [447906] High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian.
  • [453979] High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous.
  • [453982] High CVE-2015-1211: Privilege escalation using service workers. Credit to anonymous.
  • [455225] CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2015-02-05
Entry 2015-02-06
chromium
< 40.0.2214.111

chromium-pulse
< 40.0.2214.111

CVE-2015-1209
CVE-2015-1210
CVE-2015-1211
CVE-2015-1212
http://googlechromereleases.blogspot.nl
a9350df8-5157-11e5-b5c1-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome Releases reports:

29 security fixes in this release, including:

  • [516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
  • [522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
  • [524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
  • [502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
  • [421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
  • [510802] Medium CVE-2015-1297: Permission scoping error in Webrequest. Credit to Alexander Kashev.
  • [518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
  • [416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
  • [511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.
  • [526825] CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2015-09-01
Entry 2015-09-02
chromium
< 45.0.2454.85

chromium-npapi
< 45.0.2454.85

chromium-pulse
< 45.0.2454.85

CVE-2015-1291
CVE-2015-1292
CVE-2015-1293
CVE-2015-1294
CVE-2015-1295
CVE-2015-1296
CVE-2015-1297
CVE-2015-1298
CVE-2015-1299
CVE-2015-1300
CVE-2015-1301
http://googlechromereleases.blogspot.nl
a9d456b4-fe4c-11e4-ad15-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

37 security fixes in this release, including:

  • [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
  • [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
  • [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net.
  • [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
  • [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
  • [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative.
  • [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
  • [450939] Medium CVE-2015-1258: Negative-size parameter in libvpx. Credit to cloudfuzzer
  • [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
  • [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
  • [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
  • [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
  • [479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
  • [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.
  • [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21).

Discovery 2015-05-19
Entry 2015-05-19
chromium
< 43.0.2357.65

chromium-npapi
< 43.0.2357.65

chromium-pulse
< 43.0.2357.65

http://googlechromereleases.blogspot.nl/2015/05/stable-channel-update_19.html
CVE-2015-1251
CVE-2015-1252
CVE-2015-1253
CVE-2015-1254
CVE-2015-1255
CVE-2015-1256
CVE-2015-1257
CVE-2015-1258
CVE-2015-1259
CVE-2015-1260
CVE-2015-1261
CVE-2015-1262
CVE-2015-1263
CVE-2015-1264
CVE-2015-1265
ae9cb9b8-a203-11e6-a265-3065ec8fd3ecchromium -- out-of-bounds memory access

Google Chrome Releases reports:

[659475] High CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab, working with Trend Micro's Zero Day Initiative.


Discovery 2016-11-01
Entry 2016-11-03
chromium
chromium-npapi
chromium-pulse
< 54.0.2840.90

CVE-2016-5198
https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop.html
b57f690e-ecc9-11e4-876c-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

45 new security fixes, including:

  • [456518] High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
  • [313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
  • [461191] High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
  • [445808] High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
  • [463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
  • [418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
  • [460917] High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
  • [455215] Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
  • [444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
  • [437399] Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
  • [429838] Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
  • [380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).
  • [476786] CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14).

Discovery 2015-04-14
Entry 2015-04-27
chromium
< 42.0.2311.90

chromium-npapi
< 42.0.2311.90

chromium-pulse
< 42.0.2311.90

http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_14.html
CVE-2015-1235
CVE-2015-1236
CVE-2015-1237
CVE-2015-1238
CVE-2015-1240
CVE-2015-1241
CVE-2015-1242
CVE-2015-1244
CVE-2015-1245
CVE-2015-1246
CVE-2015-1247
CVE-2015-1248
CVE-2015-1249
bb7d4791-a5bf-11e5-a0e5-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

2 security fixes in this release, including:

  • [569486] CVE-2015-6792: Fixes from internal audits and fuzzing.

Discovery 2015-12-16
Entry 2015-12-18
chromium
chromium-npapi
chromium-pulse
< 47.0.2526.106

CVE-2015-6792
http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_15.html
c039a761-2c29-11e6-8912-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

15 security fixes in this release, including:

  • 601073] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous.
  • [613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [603725] Medium CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu.
  • [607939] Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal.
  • [608104] Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
  • [608101] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
  • [609260] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.
  • [616539] CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-06-01
Entry 2016-06-06
chromium
chromium-npapi
chromium-pulse
< 51.0.2704.79

CVE-2016-1695
CVE-2016-1696
CVE-2016-1697
CVE-2016-1698
CVE-2016-1699
CVE-2016-1700
CVE-2016-1701
CVE-2016-1702
CVE-2016-1703
http://googlechromereleases.blogspot.nl/2016/06/stable-channel-update.html
d2bbcc01-4ec3-11e4-ab3f-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

159 security fixes in this release, including 113 found using MemorySanitizer:

  • [416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
  • [398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer.
  • [402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
  • [403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
  • [399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
  • [401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
  • [403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
  • [338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
  • [396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
  • [415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
  • [395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
  • [420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
  • Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently 3.28.71.15).

Discovery 2014-10-07
Entry 2014-10-08
chromium
chromium-pulse
< 38.0.2125.101

CVE-2014-3188
CVE-2014-3189
CVE-2014-3190
CVE-2014-3191
CVE-2014-3192
CVE-2014-3193
CVE-2014-3194
CVE-2014-3195
CVE-2014-3196
CVE-2014-3197
CVE-2014-3198
CVE-2014-3199
CVE-2014-3200
http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html
d395e44f-6f4f-11e4-a444-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

42 security fixes in this release, including:

  • [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
  • [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
  • [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
  • [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
  • [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
  • [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
  • [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
  • [423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
  • [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
  • [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
  • [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
  • [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.
  • CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2014-11-18
Entry 2014-11-18
chromium
< 39.0.2171.65

chromium-pulse
< 39.0.2171.65

CVE-2014-0574
CVE-2014-7899
CVE-2014-7900
CVE-2014-7901
CVE-2014-7902
CVE-2014-7903
CVE-2014-7904
CVE-2014-7905
CVE-2014-7906
CVE-2014-7907
CVE-2014-7908
CVE-2014-7909
CVE-2014-7910
http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html
d46ed7b8-1912-11e5-9fdf-00262d5ed8eewww/chromium -- multiple vulnerabilities

Google Chrome Releases reports:

4 security fixes in this release:

  • [464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
  • [494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
  • [461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.

Discovery 2015-06-22
Entry 2015-06-22
chromium
< 43.0.2357.130

chromium-npapi
< 43.0.2357.130

chromium-pulse
< 43.0.2357.130

CVE-2015-1266
CVE-2015-1267
CVE-2015-1268
CVE-2015-1269
http://googlechromereleases.blogspot.nl/2015/06/chrome-stable-update.html
d59ebed4-34be-11e6-be25-3065ec8fd3ecchromium -- multiple vulnerabilities

Google Chrome Releases reports:

3 security fixes in this release, including:

  • [620742] CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives.

Discovery 2016-06-16
Entry 2016-06-17
chromium
chromium-npapi
chromium-pulse
< 51.0.2704.103

CVE-2016-1704
https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html
e30e0c99-a1b7-11e4-b85c-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

62 security fixes in this release, including:

  • [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
  • [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
  • [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.
  • [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
  • [444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
  • [435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
  • [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
  • [442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
  • [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
  • [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
  • [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.
  • [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
  • [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
  • [428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
  • [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
  • [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
  • [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
  • [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
  • [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
  • [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
  • [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
  • [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
  • [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
  • [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.
  • [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch (currently 3.30.33.15).

Discovery 2015-01-21
Entry 2015-01-21
chromium
< 40.0.2214.91

chromium-pulse
< 40.0.2214.91

CVE-2014-7923
CVE-2014-7924
CVE-2014-7925
CVE-2014-7926
CVE-2014-7927
CVE-2014-7928
CVE-2014-7929
CVE-2014-7930
CVE-2014-7931
CVE-2014-7932
CVE-2014-7933
CVE-2014-7934
CVE-2014-7935
CVE-2014-7936
CVE-2014-7937
CVE-2014-7938
CVE-2014-7939
CVE-2014-7940
CVE-2014-7941
CVE-2014-7942
CVE-2014-7943
CVE-2014-7944
CVE-2014-7945
CVE-2014-7946
CVE-2014-7947
CVE-2014-7948
CVE-2015-1205
http://googlechromereleases.blogspot.nl
f0b9049f-88c4-11e5-aed7-00262d5ed8eechromium -- multiple vulnerabilities

Google Chrome Releases reports:

[520422] High CVE-2015-1302: Information leak in PDF viewer. Credit to Rob Wu.


Discovery 2015-11-10
Entry 2015-11-11
chromium
chromium-npapi
chromium-pulse
< 46.0.2490.86

CVE-2015-1302
http://googlechromereleases.blogspot.nl/2015/11/stable-channel-update.html
f53dd5cc-527f-11e7-a772-e8e0b747a45achromium -- multiple vulnerabilities

Google Chrome releases reports:

5 security fixes in this release, including:

  • [725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22
  • [729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06
  • [714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michal Bentkowski on 2017-04-21
  • [732498] Various fixes from internal audits, fuzzing and other initiatives

Discovery 2017-06-15
Entry 2017-06-16
chromium
chromium-pulse
< 59.0.3071.104

CVE-2017-5087
CVE-2017-5088
CVE-2017-5089
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
f85fa236-e2a6-412e-b5c7-c42120892de5chromium -- multiple vulnerabilities

Google Chrome Releases reports:

[560011] High CVE-2016-1630: Same-origin bypass in Blink.

[569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin.

[549986] High CVE-2016-1632: Bad cast in Extensions.

[572537] High CVE-2016-1633: Use-after-free in Blink.

[559292] High CVE-2016-1634: Use-after-free in Blink.

[585268] High CVE-2016-1635: Use-after-free in Blink.

[584155] High CVE-2016-1636: SRI Validation Bypass.

[555544] Medium CVE-2016-1637: Information Leak in Skia.

[585282] Medium CVE-2016-1638: WebAPI Bypass.

[572224] Medium CVE-2016-1639: Use-after-free in WebRTC.

[550047] Medium CVE-2016-1640: Origin confusion in Extensions UI.

[583718] Medium CVE-2016-1641: Use-after-free in Favicon.

[591402] CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives.

Multiple vulnerabilities in V8 fixed.


Discovery 2016-03-02
Entry 2016-03-05
chromium
chromium-npapi
chromium-pulse
< 49.0.2623.75

CVE-2016-1630
CVE-2016-1631
CVE-2016-1632
CVE-2016-1633
CVE-2016-1634
CVE-2016-1635
CVE-2016-1636
CVE-2016-1637
CVE-2016-1638
CVE-2016-1639
CVE-2016-1640
CVE-2016-1641
CVE-2016-1642
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html