Chrome Security Vulnerabilities and Issues — Page 16 of Chrome CVE List

Lucene search

GoogleChrome

3646 matches found

CVE•added 2021/02/09 2:15 p.m.•205 views

CVE-2021-21123

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.02848EPSS

CVE•added 2021/03/16 3:15 p.m.•205 views

CVE-2021-21192

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01464EPSS

CVE•added 2021/06/04 6:15 p.m.•205 views

CVE-2021-30507

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

8.8CVSS7.6AI score0.00532EPSS

CVE•added 2021/08/03 8:15 p.m.•205 views

CVE-2021-30574

Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00805EPSS

CVE•added 2022/04/05 1:15 a.m.•205 views

CVE-2022-0802

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.3AI score0.00222EPSS

CVE•added 2019/06/27 5:15 p.m.•204 views

CVE-2018-6156

Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

8.8CVSS8.4AI score0.00603EPSS

CVE•added 2020/01/03 11:15 p.m.•204 views

CVE-2019-13765

Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.00429EPSS

CVE•added 2019/02/19 5:29 p.m.•204 views

CVE-2019-5762

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

8.8CVSS6.9AI score0.02538EPSS

CVE•added 2020/09/21 8:15 p.m.•204 views

CVE-2020-15963

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6CVSS8.7AI score0.01511EPSS

CVE•added 2021/04/26 5:15 p.m.•204 views

CVE-2021-21209

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.00743EPSS

CVE•added 2021/06/07 8:15 p.m.•204 views

CVE-2021-30530

Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8CVSS8AI score0.00584EPSS

CVE•added 2023/03/07 10:15 p.m.•204 views

CVE-2023-1228

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS4.2AI score0.00013EPSS

CVE•added 2019/06/27 5:15 p.m.•203 views

CVE-2019-5823

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

5.8CVSS5.6AI score0.00619EPSS

CVE•added 2021/06/04 6:15 p.m.•203 views

CVE-2021-30519

Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00253EPSS

CVE•added 2023/01/02 11:15 p.m.•203 views

CVE-2022-2743

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)

8.8CVSS8.5AI score0.00543EPSS

CVE•added 2023/03/07 10:15 p.m.•203 views

CVE-2023-1231

Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.7AI score0.00073EPSS

CVE•added 2025/05/06 10:15 p.m.•203 views

CVE-2025-4372

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.1AI score0.00058EPSS

CVE•added 2019/11/25 3:15 p.m.•202 views

CVE-2019-5854

Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.8AI score0.00356EPSS

CVE•added 2021/06/04 6:15 p.m.•202 views

CVE-2021-30511

Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

8.1CVSS7.6AI score0.00253EPSS

CVE•added 2021/06/07 8:15 p.m.•202 views

CVE-2021-30538

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3CVSS4.9AI score0.00153EPSS

CVE•added 2021/08/03 8:15 p.m.•202 views

CVE-2021-30569

Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00805EPSS

CVE•added 2022/07/23 12:15 a.m.•202 views

CVE-2022-1139

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00119EPSS

CVE•added 2023/08/15 6:15 p.m.•202 views

CVE-2023-4361

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

5.3CVSS5.4AI score0.0004EPSS

CVE•added 2019/02/19 5:29 p.m.•201 views

CVE-2019-5764

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01527EPSS

CVE•added 2019/02/19 5:29 p.m.•201 views

CVE-2019-5772

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS6.2AI score0.01655EPSS

CVE•added 2021/06/07 8:15 p.m.•201 views

CVE-2021-30522

Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00917EPSS

CVE•added 2021/08/03 8:15 p.m.•201 views

CVE-2021-30578

Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.3AI score0.00805EPSS

CVE•added 2022/04/05 12:15 a.m.•201 views

CVE-2022-0608

Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.00395EPSS

CVE•added 2022/07/21 11:15 p.m.•201 views

CVE-2022-0974

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00418EPSS

CVE•added 2022/07/23 12:15 a.m.•201 views

CVE-2022-1135

Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.

8.8CVSS8.9AI score0.00249EPSS

CVE•added 2021/02/09 2:15 p.m.•200 views

CVE-2021-21121

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01546EPSS

CVE•added 2021/06/07 8:15 p.m.•200 views

CVE-2021-30528

Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.00838EPSS

CVE•added 2021/08/03 8:15 p.m.•200 views

CVE-2021-30576

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00258EPSS

CVE•added 2021/08/03 8:15 p.m.•200 views

CVE-2021-30585

Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.00642EPSS

CVE•added 2022/04/05 12:15 a.m.•200 views

CVE-2022-0604

Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00247EPSS

CVE•added 2022/04/05 12:15 a.m.•200 views

CVE-2022-0607

Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00536EPSS

CVE•added 2022/07/23 12:15 a.m.•200 views

CVE-2022-1145

Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.

7.5CVSS8.2AI score0.00128EPSS

CVE•added 2022/07/26 10:15 p.m.•200 views

CVE-2022-1639

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00435EPSS

CVE•added 2022/07/27 10:15 p.m.•200 views

CVE-2022-1862

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.

6.5CVSS6.6AI score0.00042EPSS

CVE•added 2023/01/10 8:15 p.m.•200 views

CVE-2023-0141

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS3.6AI score0.00105EPSS

CVE•added 2023/03/07 10:15 p.m.•200 views

CVE-2023-1230

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.8AI score0.00082EPSS

CVE•added 2021/02/09 2:15 p.m.•199 views

CVE-2021-21135

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.24927EPSS

CVE•added 2021/06/07 8:15 p.m.•199 views

CVE-2021-30536

Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

8.1CVSS7.8AI score0.00805EPSS

CVE•added 2022/07/26 10:15 p.m.•199 views

CVE-2022-1497

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

6.5CVSS6.1AI score0.00088EPSS

CVE•added 2022/07/28 1:15 a.m.•199 views

CVE-2022-2161

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8CVSS8.9AI score0.00275EPSS

CVE•added 2023/01/10 8:15 p.m.•199 views

CVE-2023-0138

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

8.8CVSS8.7AI score0.00475EPSS

CVE•added 2023/03/21 9:15 p.m.•199 views

CVE-2023-1532

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00467EPSS

CVE•added 2020/11/03 3:15 a.m.•198 views

CVE-2020-15972

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.03497EPSS

CVE•added 2021/02/09 2:15 p.m.•198 views

CVE-2021-21122

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01993EPSS

CVE•added 2021/06/04 6:15 p.m.•198 views

CVE-2021-30514

Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00579EPSS

Total number of security vulnerabilities3646