Chrome Security Vulnerabilities and Issues — Page 14 of Chrome CVE List

Lucene search

GoogleChrome

3646 matches found

CVE•added 2024/08/21 9:15 p.m.•222 views

CVE-2024-7968

Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00272EPSS

CVE•added 2024/11/12 9:15 p.m.•221 views

CVE-2024-11112

Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.1AI score0.00226EPSS

CVE•added 2024/11/12 9:15 p.m.•221 views

CVE-2024-11114

Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

8.3CVSS6.5AI score0.00167EPSS

CVE•added 2024/07/16 10:15 p.m.•221 views

CVE-2024-6775

Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.0026EPSS

CVE•added 2024/08/21 9:15 p.m.•221 views

CVE-2024-7979

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)

7.8CVSS6.7AI score0.00011EPSS

CVE•added 2019/11/25 3:15 p.m.•220 views

CVE-2019-13667

Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.7AI score0.00236EPSS

CVE•added 2019/11/25 3:15 p.m.•220 views

CVE-2019-13705

Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

4.3CVSS5AI score0.00226EPSS

CVE•added 2021/06/15 10:15 p.m.•220 views

CVE-2021-30546

Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00605EPSS

CVE•added 2022/07/27 10:15 p.m.•220 views

CVE-2022-1857

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.

8.8CVSS8AI score0.00069EPSS

CVE•added 2024/01/16 10:15 p.m.•220 views

CVE-2024-0517

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.58012EPSS

CVE•added 2024/07/16 10:15 p.m.•220 views

CVE-2024-6777

Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS6.8AI score0.00062EPSS

CVE•added 2024/07/16 10:15 p.m.•220 views

CVE-2024-6778

Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS6.2AI score0.16842EPSS

CVE•added 2019/11/25 3:15 p.m.•219 views

CVE-2019-13709

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

6.5CVSS6.2AI score0.0017EPSS

CVE•added 2019/05/23 8:29 p.m.•219 views

CVE-2019-5801

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.2AI score0.00223EPSS

CVE•added 2020/02/11 3:15 p.m.•219 views

CVE-2020-6409

Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.

8.8CVSS7.8AI score0.00866EPSS

CVE•added 2021/06/15 10:15 p.m.•219 views

CVE-2021-30545

Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00605EPSS

CVE•added 2024/08/21 9:15 p.m.•219 views

CVE-2024-7972

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.6AI score0.00216EPSS

CVE•added 2019/12/10 10:15 p.m.•218 views

CVE-2019-13728

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.03148EPSS

CVE•added 2019/12/10 10:15 p.m.•218 views

CVE-2019-13744

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.02568EPSS

CVE•added 2019/02/19 5:29 p.m.•218 views

CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

5.5CVSS5.4AI score0.00131EPSS

CVE•added 2021/01/08 7:15 p.m.•218 views

CVE-2020-16040

Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS6.8AI score0.81866EPSS

CVE•added 2024/08/21 9:15 p.m.•218 views

CVE-2024-7964

Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00272EPSS

CVE•added 2024/09/17 9:15 p.m.•218 views

CVE-2024-8908

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.2AI score0.00097EPSS

CVE•added 2019/11/25 3:15 p.m.•217 views

CVE-2019-13707

Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.

5.5CVSS5.5AI score0.00198EPSS

CVE•added 2019/06/27 5:15 p.m.•217 views

CVE-2019-5806

Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01514EPSS

CVE•added 2021/02/22 10:15 p.m.•217 views

CVE-2021-21149

Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.6AI score0.00865EPSS

CVE•added 2021/02/22 10:15 p.m.•217 views

CVE-2021-21152

Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00968EPSS

CVE•added 2021/06/04 6:15 p.m.•217 views

CVE-2021-30506

Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.

8.8CVSS7.7AI score0.00306EPSS

CVE•added 2024/08/21 9:15 p.m.•217 views

CVE-2024-7966

Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00277EPSS

CVE•added 2019/12/10 10:15 p.m.•216 views

CVE-2019-13727

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS7.7AI score0.01281EPSS

CVE•added 2019/11/25 3:15 p.m.•216 views

CVE-2019-5876

Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00356EPSS

CVE•added 2021/02/09 2:15 p.m.•216 views

CVE-2021-21132

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6CVSS8.7AI score0.15757EPSS

CVE•added 2021/06/04 6:15 p.m.•216 views

CVE-2021-30508

Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.0033EPSS

CVE•added 2022/04/05 1:15 a.m.•216 views

CVE-2022-0792

Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.1AI score0.00409EPSS

CVE•added 2022/07/26 10:15 p.m.•216 views

CVE-2022-1499

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

6.3CVSS6.1AI score0.00045EPSS

CVE•added 2019/11/25 3:15 p.m.•215 views

CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.

6.1CVSS6.2AI score0.00317EPSS

CVE•added 2021/06/07 8:15 p.m.•215 views

CVE-2021-30539

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8CVSS5.6AI score0.00104EPSS

CVE•added 2022/07/25 2:15 p.m.•215 views

CVE-2022-1314

Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00356EPSS

CVE•added 2022/07/26 10:15 p.m.•215 views

CVE-2022-1488

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

4.3CVSS5AI score0.00086EPSS

CVE•added 2022/07/27 10:15 p.m.•215 views

CVE-2022-1869

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.1AI score0.00062EPSS

CVE•added 2022/07/28 2:15 a.m.•215 views

CVE-2022-2480

Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.1484EPSS

CVE•added 2019/02/19 5:29 p.m.•214 views

CVE-2019-5774

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

8.8CVSS6.9AI score0.00917EPSS

CVE•added 2019/02/19 5:29 p.m.•214 views

CVE-2019-5781

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS

CVE•added 2021/02/22 10:15 p.m.•214 views

CVE-2021-21150

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.3AI score0.00779EPSS

CVE•added 2022/04/05 1:15 a.m.•214 views

CVE-2022-0795

Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00311EPSS

CVE•added 2022/04/05 1:15 a.m.•214 views

CVE-2022-0800

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00948EPSS

CVE•added 2022/07/26 10:15 p.m.•214 views

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

6.1CVSS6.2AI score0.00087EPSS

CVE•added 2023/10/11 11:15 p.m.•214 views

CVE-2023-5484

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00207EPSS

CVE•added 2019/11/25 3:15 p.m.•213 views

CVE-2019-13704

Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3CVSS4.8AI score0.0017EPSS

CVE•added 2019/11/25 3:15 p.m.•213 views

CVE-2019-13724

Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.00787EPSS

Total number of security vulnerabilities3646