Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:chrome_prior_to_54.0.2840.59_for_windows,_mac,_and_linux;_54.0.2840.85_for_android:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android (3206a216-524a-545f-ac34-2154490c9ee4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2016-5191 |
vulnerable | 2026-06-08 05:07:56.450173 |
Details available
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.461Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5190 |
vulnerable | 2026-06-08 05:07:56.449809 |
Details available
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.688Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5189 |
vulnerable | 2026-06-08 05:07:56.449462 |
Details available
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.590Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5186 |
vulnerable | 2026-06-08 05:07:56.445318 |
Details available
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.672Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5185 |
vulnerable | 2026-06-08 05:07:56.444983 |
Details available
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
Published: 2016-12-18T03:34:00.000Z
Updated: 2024-08-06T00:53:48.601Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5184 |
vulnerable | 2026-06-08 05:07:56.444653 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5183 |
vulnerable | 2026-06-08 05:07:56.444328 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5182 |
vulnerable | 2026-06-08 05:07:56.443964 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5181 |
vulnerable | 2026-06-08 05:07:56.443538 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.