Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:chrome_prior_to_54.0.2840.59_for_windows,_mac,_and_linux;_54.0.2840.85_for_android:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductChrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android (3206a216-524a-545f-ac34-2154490c9ee4)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2016-5191 vulnerable 2026-06-08 05:07:56.450173 Details available
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.461Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5190 vulnerable 2026-06-08 05:07:56.449809 Details available
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.688Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5189 vulnerable 2026-06-08 05:07:56.449462 Details available
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.590Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5186 vulnerable 2026-06-08 05:07:56.445318 Details available
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.672Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5185 vulnerable 2026-06-08 05:07:56.444983 Details available
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.601Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5184 vulnerable 2026-06-08 05:07:56.444653 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5183 vulnerable 2026-06-08 05:07:56.444328 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5182 vulnerable 2026-06-08 05:07:56.443964 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-5181 vulnerable 2026-06-08 05:07:56.443538 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.