Chrome Security Vulnerabilities and Issues — Page 24 of Chrome CVE List

Lucene search

GoogleChrome

3669 matches found

CVE•added 2021/10/08 10:15 p.m.•171 views

CVE-2021-37962

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00587EPSS

CVE•added 2023/05/16 7:15 p.m.•171 views

CVE-2023-2725

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.07731EPSS

CVE•added 2023/09/12 9:15 p.m.•171 views

CVE-2023-4907

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.3AI score0.00176EPSS

CVE•added 2019/02/19 5:29 p.m.•170 views

CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01527EPSS

CVE•added 2021/01/08 7:15 p.m.•170 views

CVE-2020-16031

Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.00159EPSS

CVE•added 2021/01/08 7:15 p.m.•170 views

CVE-2021-21107

Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01308EPSS

CVE•added 2021/01/08 7:15 p.m.•170 views

CVE-2021-21111

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6CVSS8.8AI score0.00454EPSS

CVE•added 2021/02/09 3:15 p.m.•170 views

CVE-2021-21144

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS8.9AI score0.0032EPSS

CVE•added 2022/07/25 2:15 p.m.•170 views

CVE-2022-1306

Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.0014EPSS

CVE•added 2022/11/30 12:15 a.m.•170 views

CVE-2022-4188

Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.8AI score0.00054EPSS

CVE•added 2023/02/22 8:15 p.m.•170 views

CVE-2023-0931

Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.00101EPSS

CVE•added 2023/03/07 10:15 p.m.•170 views

CVE-2023-1220

Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00144EPSS

CVE•added 2023/04/04 10:15 p.m.•170 views

CVE-2023-1810

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00794EPSS

CVE•added 2020/02/27 11:15 p.m.•169 views

CVE-2020-6384

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00809EPSS

CVE•added 2020/02/11 3:15 p.m.•169 views

CVE-2020-6400

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01906EPSS

CVE•added 2020/05/21 4:15 a.m.•169 views

CVE-2020-6480

Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.

6.5CVSS6.6AI score0.00495EPSS

CVE•added 2020/09/21 8:15 p.m.•169 views

CVE-2020-6574

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

7.8CVSS7.7AI score0.00131EPSS

CVE•added 2021/01/08 7:15 p.m.•169 views

CVE-2021-21112

Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01729EPSS

CVE•added 2021/02/09 2:15 p.m.•169 views

CVE-2021-21139

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.7AI score0.01529EPSS

CVE•added 2021/08/26 6:15 p.m.•169 views

CVE-2021-30604

Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00805EPSS

CVE•added 2021/10/08 10:15 p.m.•169 views

CVE-2021-37971

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS5AI score0.00219EPSS

CVE•added 2021/10/08 10:15 p.m.•169 views

CVE-2021-37972

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00725EPSS

CVE•added 2021/11/02 9:15 p.m.•169 views

CVE-2021-37978

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7.9AI score0.02288EPSS

CVE•added 2022/04/05 1:15 a.m.•169 views

CVE-2022-0804

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.3AI score0.0028EPSS

CVE•added 2022/11/30 12:15 a.m.•169 views

CVE-2022-4183

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.8AI score0.00051EPSS

CVE•added 2018/12/11 4:29 p.m.•168 views

CVE-2018-17481

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS7.6AI score0.01749EPSS

CVE•added 2019/11/25 3:15 p.m.•168 views

CVE-2019-13681

Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

4.3CVSS5AI score0.00093EPSS

CVE•added 2019/12/10 10:15 p.m.•168 views

CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.

4.3CVSS4.9AI score0.01851EPSS

CVE•added 2021/01/08 7:15 p.m.•168 views

CVE-2020-16023

Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00577EPSS

CVE•added 2020/07/22 5:15 p.m.•168 views

CVE-2020-6528

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.01606EPSS

CVE•added 2020/09/21 8:15 p.m.•168 views

CVE-2020-6566

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00889EPSS

CVE•added 2021/01/08 7:15 p.m.•168 views

CVE-2021-21108

Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01308EPSS

CVE•added 2022/11/30 12:15 a.m.•168 views

CVE-2022-4185

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.6AI score0.00208EPSS

CVE•added 2022/11/30 12:15 a.m.•168 views

CVE-2022-4195

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)

4.3CVSS5AI score0.00044EPSS

CVE•added 2023/03/07 10:15 p.m.•168 views

CVE-2023-1235

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

6.3CVSS6.4AI score0.0015EPSS

CVE•added 2023/03/21 9:15 p.m.•168 views

CVE-2023-1528

Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9.2AI score0.00355EPSS

CVE•added 2023/09/12 9:15 p.m.•168 views

CVE-2023-4903

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.2AI score0.00176EPSS

CVE•added 2013/07/10 10:55 a.m.•167 views

CVE-2013-2877

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

5CVSS7.6AI score0.01047EPSS

CVE•added 2020/11/03 3:15 a.m.•167 views

CVE-2020-15983

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

7.8CVSS7.1AI score0.00025EPSS

CVE•added 2021/01/08 7:15 p.m.•167 views

CVE-2020-16018

Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00317EPSS

CVE•added 2020/02/11 3:15 p.m.•167 views

CVE-2020-6391

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.

4.3CVSS4.8AI score0.01736EPSS

CVE•added 2021/02/09 3:15 p.m.•167 views

CVE-2021-21142

Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.3AI score0.00606EPSS

CVE•added 2021/08/26 6:15 p.m.•167 views

CVE-2021-30593

Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

8.1CVSS7.6AI score0.00268EPSS

CVE•added 2022/07/23 12:15 a.m.•167 views

CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8CVSS8.9AI score0.00812EPSS

CVE•added 2022/11/09 4:15 a.m.•167 views

CVE-2022-3889

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00241EPSS

CVE•added 2023/01/10 8:15 p.m.•167 views

CVE-2023-0139

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)

6.5CVSS5.8AI score0.00042EPSS

CVE•added 2023/02/07 9:15 p.m.•167 views

CVE-2023-0696

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.00134EPSS

CVE•added 2023/02/22 8:15 p.m.•167 views

CVE-2023-0927

Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00228EPSS

CVE•added 2023/05/30 10:15 p.m.•167 views

CVE-2023-2929

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00535EPSS

CVE•added 2023/09/12 9:15 p.m.•167 views

CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)

4.3CVSS4.4AI score0.00044EPSS

Total number of security vulnerabilities3669