Chrome Security Vulnerabilities and Issues — Page 17 of Chrome CVE List

Lucene search

GoogleChrome

3667 matches found

CVE•added 2022/07/21 11:15 p.m.•203 views

CVE-2022-0974

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00621EPSS

CVE•added 2022/07/26 10:15 p.m.•203 views

CVE-2022-1497

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

6.5CVSS6.1AI score0.00094EPSS

CVE•added 2023/01/10 8:15 p.m.•203 views

CVE-2023-0141

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS3.6AI score0.00105EPSS

CVE•added 2019/11/25 3:15 p.m.•202 views

CVE-2019-5858

Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.4AI score0.003EPSS

CVE•added 2021/02/09 2:15 p.m.•202 views

CVE-2021-21121

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01546EPSS

CVE•added 2021/02/09 2:15 p.m.•202 views

CVE-2021-21135

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.24927EPSS

CVE•added 2021/06/07 8:15 p.m.•202 views

CVE-2021-30536

Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

8.1CVSS7.8AI score0.00805EPSS

CVE•added 2021/08/03 8:15 p.m.•202 views

CVE-2021-30585

Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.00642EPSS

CVE•added 2022/07/23 12:15 a.m.•202 views

CVE-2022-1145

Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.

7.5CVSS8.2AI score0.00249EPSS

CVE•added 2022/07/26 10:15 p.m.•202 views

CVE-2022-1639

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00574EPSS

CVE•added 2022/07/27 10:15 p.m.•202 views

CVE-2022-1862

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.

6.5CVSS6.6AI score0.00212EPSS

CVE•added 2022/07/28 1:15 a.m.•202 views

CVE-2022-2161

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8CVSS8.9AI score0.0049EPSS

CVE•added 2023/01/10 8:15 p.m.•202 views

CVE-2023-0138

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

8.8CVSS8.7AI score0.00475EPSS

CVE•added 2023/11/01 6:15 p.m.•202 views

CVE-2023-5856

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.00557EPSS

CVE•added 2024/05/07 7:15 p.m.•202 views

CVE-2024-4558

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.5AI score0.01413EPSS

CVE•added 2022/07/23 12:15 a.m.•201 views

CVE-2022-1136

Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures.

8.8CVSS8.9AI score0.00179EPSS

CVE•added 2022/07/26 10:15 p.m.•201 views

CVE-2022-1490

Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.0083EPSS

CVE•added 2023/11/01 6:15 p.m.•201 views

CVE-2023-5855

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00557EPSS

CVE•added 2020/09/21 8:15 p.m.•200 views

CVE-2020-6554

Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

8.6CVSS8.6AI score0.00316EPSS

CVE•added 2021/02/09 2:15 p.m.•200 views

CVE-2021-21122

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01993EPSS

CVE•added 2021/06/04 6:15 p.m.•200 views

CVE-2021-30514

Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00579EPSS

CVE•added 2021/06/07 8:15 p.m.•200 views

CVE-2021-30532

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3CVSS4.9AI score0.00418EPSS

CVE•added 2022/07/22 5:15 p.m.•200 views

CVE-2022-0978

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00536EPSS

CVE•added 2022/07/25 2:15 p.m.•200 views

CVE-2022-1305

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00487EPSS

CVE•added 2022/07/27 10:15 p.m.•200 views

CVE-2022-1865

Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

8.8CVSS9.1AI score0.00166EPSS

CVE•added 2016/09/11 10:59 a.m.•199 views

CVE-2016-5157

Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.

8.8CVSS7.8AI score0.06592EPSS

CVE•added 2021/02/09 2:15 p.m.•199 views

CVE-2021-21119

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01993EPSS

CVE•added 2021/03/09 6:15 p.m.•199 views

CVE-2021-21188

Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01282EPSS

CVE•added 2022/07/27 10:15 p.m.•199 views

CVE-2022-1870

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS9AI score0.00146EPSS

CVE•added 2020/09/21 8:15 p.m.•198 views

CVE-2020-15962

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.3AI score0.03365EPSS

CVE•added 2020/04/13 6:15 p.m.•198 views

CVE-2020-6452

Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01104EPSS

CVE•added 2020/09/21 8:15 p.m.•198 views

CVE-2020-6545

Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01036EPSS

CVE•added 2021/04/26 5:15 p.m.•198 views

CVE-2021-21204

Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01401EPSS

CVE•added 2021/08/03 8:15 p.m.•198 views

CVE-2021-30567

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.

8.8CVSS9.1AI score0.00258EPSS

CVE•added 2021/08/03 8:15 p.m.•198 views

CVE-2021-30572

Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00805EPSS

CVE•added 2022/07/27 10:15 p.m.•198 views

CVE-2022-1871

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.

4.3CVSS5.1AI score0.0019EPSS

CVE•added 2023/11/01 6:15 p.m.•198 views

CVE-2023-5858

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00672EPSS

CVE•added 2020/01/03 11:15 p.m.•197 views

CVE-2019-13766

Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7.2AI score0.00457EPSS

CVE•added 2020/09/21 8:15 p.m.•197 views

CVE-2020-15964

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.02693EPSS

CVE•added 2020/09/21 8:15 p.m.•197 views

CVE-2020-6550

Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.8AI score0.17688EPSS

CVE•added 2021/02/09 2:15 p.m.•197 views

CVE-2021-21127

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.

8.8CVSS8.1AI score0.01167EPSS

CVE•added 2021/06/07 8:15 p.m.•197 views

CVE-2021-30525

Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00277EPSS

CVE•added 2021/06/07 8:15 p.m.•197 views

CVE-2021-30526

Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.1AI score0.00258EPSS

CVE•added 2021/06/07 8:15 p.m.•197 views

CVE-2021-30534

Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.2AI score0.00088EPSS

CVE•added 2021/08/03 8:15 p.m.•197 views

CVE-2021-30566

Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.

8.8CVSS8.7AI score0.00803EPSS

CVE•added 2022/07/22 5:15 p.m.•197 views

CVE-2022-0979

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00791EPSS

CVE•added 2023/10/25 6:17 p.m.•197 views

CVE-2023-5472

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00704EPSS

CVE•added 2023/11/01 6:15 p.m.•197 views

CVE-2023-5852

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00557EPSS

CVE•added 2020/11/03 3:15 a.m.•196 views

CVE-2020-16011

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.1AI score0.01598EPSS

CVE•added 2020/04/13 6:15 p.m.•196 views

CVE-2020-6432

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00736EPSS

Total number of security vulnerabilities3667