Lucene search

Chrome Security Vulnerabilities

cve

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

6.5CVSS

6.2AI Score

0.001EPSS

2023-12-06 02:15 AM

cve

CVE-2023-6702

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.4AI Score

0.001EPSS

2023-12-14 10:15 PM

cve

CVE-2023-6703

Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-14 10:15 PM

cve

CVE-2023-6704

Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-14 10:15 PM

cve

CVE-2023-6705

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-14 10:15 PM

cve

CVE-2023-6706

Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.7AI Score

0.001EPSS

2023-12-14 10:15 PM

cve

CVE-2023-6707

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-14 10:15 PM

cve

CVE-2023-7010

Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

7AI Score

0.0004EPSS

2024-07-16 11:15 PM

cve

CVE-2023-7011

Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS

6AI Score

0.0004EPSS

2024-07-16 11:15 PM

cve

CVE-2023-7012

Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)

7.5CVSS

6.5AI Score

0.0004EPSS

2024-07-16 11:15 PM

cve

CVE-2023-7013

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

6.1AI Score

0.0004EPSS

2024-07-16 11:15 PM

cve

CVE-2023-7024

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.9AI Score

0.007EPSS

2023-12-21 11:15 PM

225

In Wild

cve

CVE-2023-7261

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

7.3CVSS

6AI Score

0.001EPSS

2024-06-07 08:15 PM

cve

CVE-2024-0222

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-04 02:15 AM

cve

CVE-2024-0223

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.7AI Score

0.002EPSS

2024-01-04 02:15 AM

cve

CVE-2024-0224

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-04 02:15 AM

cve

CVE-2024-0225

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-04 02:15 AM

cve

CVE-2024-0333

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)

5.3CVSS

4.6AI Score

0.001EPSS

2024-01-10 10:15 PM

cve

CVE-2024-0517

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.5AI Score

0.001EPSS

2024-01-16 10:15 PM

cve

CVE-2024-0518

Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.4AI Score

0.001EPSS

2024-01-16 10:15 PM

cve

CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.5AI Score

0.002EPSS

2024-01-16 10:15 PM

167

In Wild

cve

CVE-2024-0804

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

7.5CVSS

7.1AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0805

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

4.3CVSS

5.4AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0806

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

8.8CVSS

9.3AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0807

Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

9.2AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0808

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

9.8CVSS

9AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0809

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS

5.2AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0810

Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

4.3CVSS

5.4AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0811

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS

5.4AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0812

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.6AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0813

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

8.8CVSS

9.3AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-0814

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS

6.7AI Score

0.001EPSS

2024-01-24 12:15 AM

cve

CVE-2024-1059

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.6AI Score

0.001EPSS

2024-01-30 10:15 PM

cve

CVE-2024-1060

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-30 10:15 PM

cve

CVE-2024-1077

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-30 10:15 PM

cve

CVE-2024-1283

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.8CVSS

9.3AI Score

0.001EPSS

2024-02-07 12:15 AM

cve

CVE-2024-1284

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.8CVSS

9.4AI Score

0.001EPSS

2024-02-07 12:15 AM

cve

CVE-2024-1669

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

5.1AI Score

0.0004EPSS

2024-02-21 04:15 AM

5071

cve

CVE-2024-1670

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

5.8AI Score

0.0004EPSS

2024-02-21 04:15 AM

4537

cve

CVE-2024-1671

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

4.8AI Score

0.0004EPSS

2024-02-21 04:15 AM

5071

cve

CVE-2024-1672

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS

4.8AI Score

0.0004EPSS

2024-02-21 04:15 AM

3878

cve

CVE-2024-1673

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS

5.9AI Score

0.0004EPSS

2024-02-21 04:15 AM

3891

cve

CVE-2024-1674

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

4.8AI Score

0.0004EPSS

2024-02-21 04:15 AM

5048

cve

CVE-2024-1675

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

4.8AI Score

0.0004EPSS

2024-02-21 04:15 AM

5035

cve

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

4.7AI Score

0.0004EPSS

2024-02-21 04:15 AM

5047

cve

CVE-2024-1694

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)

7.8CVSS

5.7AI Score

0.0004EPSS

2024-06-07 08:15 PM

cve

CVE-2024-1938

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

6.3AI Score

0.0004EPSS

2024-02-29 01:43 AM

cve

CVE-2024-1939

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

6.4AI Score

0.0004EPSS

2024-02-29 01:43 AM

cve

CVE-2024-2173

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

6.8CVSS

8.6AI Score

0.0004EPSS

2024-03-06 07:15 PM

cve

CVE-2024-2174

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS

5.7AI Score

0.0004EPSS

2024-03-06 07:15 PM

Total number of security vulnerabilities3511