Chrome Security Vulnerabilities and Issues — Page 15 of Chrome CVE List

Lucene search

GoogleChrome

1269 matches found

cve•added 2023/08/15 6:15 p.m.•140 views

CVE-2023-2312

Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.00746EPSS

cve•added 2021/10/08 10:15 p.m.•139 views

CVE-2021-37959

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00102EPSS

cve•added 2022/11/01 7:15 p.m.•139 views

CVE-2022-3304

Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00346EPSS

cve•added 2022/11/30 12:15 a.m.•139 views

CVE-2022-4180

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS8.8AI score0.00077EPSS

cve•added 2023/02/22 8:15 p.m.•139 views

CVE-2023-0930

Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.0044EPSS

cve•added 2023/05/30 10:15 p.m.•139 views

CVE-2023-2935

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.07628EPSS

cve•added 2019/01/09 7:29 p.m.•138 views

CVE-2018-16071

A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

8.8CVSS8.8AI score0.19891EPSS

cve•added 2018/12/11 4:29 p.m.•138 views

CVE-2018-18359

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8AI score0.01225EPSS

cve•added 2022/04/05 1:15 a.m.•138 views

CVE-2022-0469

Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00203EPSS

cve•added 2022/04/05 1:15 a.m.•138 views

CVE-2022-0797

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.3AI score0.00515EPSS

cve•added 2022/08/12 8:15 p.m.•138 views

CVE-2022-2607

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8CVSS8.9AI score0.00572EPSS

cve•added 2022/09/26 4:15 p.m.•138 views

CVE-2022-3041

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00475EPSS

cve•added 2022/11/30 12:15 a.m.•138 views

CVE-2022-4181

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00279EPSS

cve•added 2023/03/07 10:15 p.m.•138 views

CVE-2023-1213

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.0011EPSS

cve•added 2023/05/16 7:15 p.m.•138 views

CVE-2023-2722

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.00258EPSS

cve•added 2023/08/15 6:15 p.m.•138 views

CVE-2023-4354

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.01758EPSS

cve•added 2019/01/09 7:29 p.m.•137 views

CVE-2018-6124

Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS6.1AI score0.02059EPSS

cve•added 2022/04/05 1:15 a.m.•137 views

CVE-2022-0454

Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00371EPSS

cve•added 2023/05/30 10:15 p.m.•137 views

CVE-2023-2932

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

8.8CVSS8.8AI score0.0039EPSS

cve•added 2023/06/13 6:15 p.m.•137 views

CVE-2023-3214

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS8.8AI score0.01131EPSS

cve•added 2023/06/13 6:15 p.m.•137 views

CVE-2023-3216

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.00445EPSS

cve•added 2023/11/15 6:15 p.m.•137 views

CVE-2023-6112

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.18312EPSS

cve•added 2024/02/29 1:43 a.m.•137 views

CVE-2024-1938

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.3AI score0.00205EPSS

cve•added 2018/12/11 4:29 p.m.•136 views

CVE-2018-18336

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.4AI score0.01655EPSS

cve•added 2018/12/11 4:29 p.m.•136 views

CVE-2018-18341

An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01926EPSS

cve•added 2021/10/08 10:15 p.m.•136 views

CVE-2021-37957

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00391EPSS

cve•added 2021/11/02 10:15 p.m.•136 views

CVE-2021-37982

Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01308EPSS

cve•added 2022/07/28 2:15 a.m.•136 views

CVE-2022-2296

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

8.8CVSS8.9AI score0.00641EPSS

cve•added 2022/09/26 4:15 p.m.•136 views

CVE-2022-3199

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.0088EPSS

cve•added 2018/11/14 3:29 p.m.•135 views

CVE-2018-6057

Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.

8.8CVSS7.5AI score0.00564EPSS

cve•added 2022/07/26 10:15 p.m.•135 views

CVE-2022-1489

Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

8.8CVSS8.6AI score0.00705EPSS

cve•added 2022/07/27 10:15 p.m.•135 views

CVE-2022-1860

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.

8.8CVSS9.1AI score0.00736EPSS

cve•added 2022/07/27 10:15 p.m.•135 views

CVE-2022-1876

Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00147EPSS

cve•added 2022/12/14 6:15 a.m.•135 views

CVE-2022-4436

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00183EPSS

cve•added 2018/12/11 4:29 p.m.•134 views

CVE-2018-18338

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01655EPSS

cve•added 2023/08/15 6:15 p.m.•134 views

CVE-2023-4355

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.36845EPSS

cve•added 2018/11/14 3:29 p.m.•133 views

CVE-2018-6073

A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.4AI score0.01166EPSS

cve•added 2019/01/09 7:29 p.m.•133 views

CVE-2018-6120

An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

8.8CVSS8.7AI score0.02538EPSS

cve•added 2021/10/08 10:15 p.m.•133 views

CVE-2021-37956

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00482EPSS

cve•added 2021/10/08 10:15 p.m.•133 views

CVE-2021-37961

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00637EPSS

cve•added 2021/12/23 1:15 a.m.•133 views

CVE-2021-38007

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00476EPSS

cve•added 2022/11/09 4:15 a.m.•133 views

CVE-2022-3887

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9AI score0.00224EPSS

cve•added 2023/03/07 10:15 p.m.•133 views

CVE-2023-1215

Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00107EPSS

cve•added 2023/05/16 7:15 p.m.•133 views

CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.8AI score0.0002EPSS

cve•added 2023/08/15 6:15 p.m.•133 views

CVE-2023-4368

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.8AI score0.00043EPSS

cve•added 2021/12/23 1:15 a.m.•132 views

CVE-2021-4058

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.02126EPSS

cve•added 2022/09/26 4:15 p.m.•132 views

CVE-2022-2854

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00571EPSS

cve•added 2022/11/09 4:15 a.m.•132 views

CVE-2022-3886

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9AI score0.00203EPSS

cve•added 2019/06/27 5:15 p.m.•131 views

CVE-2018-6138

Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

8.1CVSS5.8AI score0.00124EPSS

cve•added 2019/06/27 5:15 p.m.•131 views

CVE-2018-6154

Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.00301EPSS

Total number of security vulnerabilities1269