Chrome Security Vulnerabilities and Issues — Page 18 of Chrome CVE List

Lucene search

GoogleChrome

1269 matches found

cve•added 2021/12/23 1:15 a.m.•117 views

CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00563EPSS

cve•added 2022/02/12 2:15 a.m.•117 views

CVE-2022-0310

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

8.8CVSS9AI score0.00672EPSS

cve•added 2022/07/25 2:15 p.m.•117 views

CVE-2022-1308

Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00366EPSS

cve•added 2022/11/01 3:15 a.m.•117 views

CVE-2022-3373

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.1AI score0.00474EPSS

cve•added 2023/07/29 12:15 a.m.•117 views

CVE-2022-4907

Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.6AI score0.01448EPSS

cve•added 2023/02/07 9:15 p.m.•117 views

CVE-2023-0701

Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)

8.8CVSS8.7AI score0.00313EPSS

cve•added 2025/04/02 1:15 a.m.•117 views

CVE-2025-3066

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00168EPSS

cve•added 2016/07/23 7:59 p.m.•116 views

CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.

8.8CVSS9.1AI score0.01328EPSS

cve•added 2018/11/14 3:29 p.m.•116 views

CVE-2018-17465

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01655EPSS

cve•added 2018/11/14 3:29 p.m.•116 views

CVE-2018-6071

An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.1AI score0.00732EPSS

cve•added 2022/07/27 10:15 p.m.•116 views

CVE-2022-1866

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.

8.8CVSS9.2AI score0.00758EPSS

cve•added 2017/10/27 5:29 a.m.•115 views

CVE-2017-5088

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8CVSS8AI score0.00911EPSS

cve•added 2021/11/02 10:15 p.m.•115 views

CVE-2021-37985

Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01094EPSS

cve•added 2022/02/12 2:15 a.m.•115 views

CVE-2022-0293

Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00658EPSS

cve•added 2022/07/27 10:15 p.m.•115 views

CVE-2022-1861

Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.

8.8CVSS9.2AI score0.00736EPSS

cve•added 2022/11/30 12:15 a.m.•115 views

CVE-2022-4190

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.7AI score0.00044EPSS

cve•added 2022/11/30 12:15 a.m.•115 views

CVE-2022-4193

Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.7AI score0.00044EPSS

cve•added 2023/08/15 6:15 p.m.•115 views

CVE-2023-4353

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.01287EPSS

cve•added 2019/01/09 7:29 p.m.•114 views

CVE-2018-16083

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.3AI score0.19891EPSS

cve•added 2018/09/25 2:29 p.m.•114 views

CVE-2018-6031

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS6.7AI score0.01624EPSS

cve•added 2018/11/14 3:29 p.m.•114 views

CVE-2018-6072

An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.7AI score0.00991EPSS

cve•added 2022/07/25 2:15 p.m.•114 views

CVE-2022-1311

Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.01099EPSS

cve•added 2023/04/19 4:15 a.m.•114 views

CVE-2023-2134

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.00427EPSS

cve•added 2023/12/14 10:15 p.m.•114 views

CVE-2023-6702

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.37214EPSS

cve•added 2019/06/27 5:15 p.m.•113 views

CVE-2018-17478

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS8.2AI score0.00327EPSS

cve•added 2019/01/09 7:29 p.m.•113 views

CVE-2018-6153

A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8AI score0.01655EPSS

cve•added 2021/11/23 10:15 p.m.•113 views

CVE-2021-37997

Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00989EPSS

cve•added 2021/12/23 1:15 a.m.•113 views

CVE-2021-4052

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS8.8AI score0.00157EPSS

cve•added 2024/01/04 2:15 a.m.•113 views

CVE-2024-0224

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00565EPSS

cve•added 2019/01/09 7:29 p.m.•112 views

CVE-2018-6139

Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

8.8CVSS6.5AI score0.01007EPSS

cve•added 2022/09/26 4:15 p.m.•112 views

CVE-2022-2858

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.

8.8CVSS8.9AI score0.00642EPSS

cve•added 2022/11/01 8:15 p.m.•112 views

CVE-2022-3307

Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00307EPSS

cve•added 2023/05/03 12:15 a.m.•112 views

CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00351EPSS

cve•added 2018/11/14 3:29 p.m.•111 views

CVE-2018-6074

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.

8.8CVSS7.7AI score0.00581EPSS

cve•added 2018/12/04 5:29 p.m.•111 views

CVE-2018-6088

An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

8.8CVSS8.5AI score0.02538EPSS

cve•added 2019/11/25 3:15 p.m.•111 views

CVE-2019-13692

Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

8.8CVSS8AI score0.00088EPSS

cve•added 2019/02/19 5:29 p.m.•111 views

CVE-2019-5783

Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.

8.8CVSS7.6AI score0.0069EPSS

cve•added 2022/11/01 11:15 p.m.•111 views

CVE-2022-3654

Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.2423EPSS

cve•added 2022/12/14 6:15 a.m.•111 views

CVE-2022-4438

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.0022EPSS

cve•added 2023/02/07 9:15 p.m.•111 views

CVE-2023-0702

Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.3AI score0.00146EPSS

cve•added 2023/08/15 6:15 p.m.•111 views

CVE-2023-4358

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.01137EPSS

cve•added 2018/12/04 5:29 p.m.•110 views

CVE-2018-6090

An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.6AI score0.02016EPSS

cve•added 2019/06/27 5:15 p.m.•110 views

CVE-2018-6131

Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.00301EPSS

cve•added 2021/12/23 1:15 a.m.•110 views

CVE-2021-4055

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS8.7AI score0.00336EPSS

cve•added 2021/12/23 1:15 a.m.•110 views

CVE-2021-4066

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01636EPSS

cve•added 2024/02/29 1:43 a.m.•110 views

CVE-2024-1939

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.29663EPSS

cve•added 2018/09/25 2:29 p.m.•109 views

CVE-2018-6055

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.

8.8CVSS8.2AI score0.00587EPSS

cve•added 2018/12/04 5:29 p.m.•109 views

CVE-2018-6094

Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01655EPSS

cve•added 2019/01/09 7:29 p.m.•109 views

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS7.1AI score0.0077EPSS

cve•added 2019/06/27 5:15 p.m.•109 views

CVE-2018-6157

Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

8.8CVSS8.3AI score0.00301EPSS

Total number of security vulnerabilities1269