Chrome Security Vulnerabilities and Issues — Page 25 of Chrome CVE List

Lucene search

GoogleChrome

3669 matches found

CVE•added 2019/11/25 3:15 p.m.•166 views

CVE-2019-13673

Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

7.4CVSS7.1AI score0.00344EPSS

CVE•added 2020/07/22 5:15 p.m.•166 views

CVE-2020-6531

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS4.9AI score0.01187EPSS

CVE•added 2021/08/26 6:15 p.m.•166 views

CVE-2021-30592

Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.1AI score0.00247EPSS

CVE•added 2021/08/26 6:15 p.m.•166 views

CVE-2021-30600

Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00805EPSS

CVE•added 2022/07/23 12:15 a.m.•166 views

CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00346EPSS

CVE•added 2022/11/30 12:15 a.m.•166 views

CVE-2022-4175

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00177EPSS

CVE•added 2021/01/08 7:15 p.m.•165 views

CVE-2020-16032

Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.8AI score0.0019EPSS

CVE•added 2022/07/27 10:15 p.m.•165 views

CVE-2022-1855

Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00408EPSS

CVE•added 2022/08/12 8:15 p.m.•165 views

CVE-2022-2609

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8CVSS8.9AI score0.00808EPSS

CVE•added 2022/11/09 4:15 a.m.•165 views

CVE-2022-3885

Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9AI score0.0019EPSS

CVE•added 2023/05/16 7:15 p.m.•165 views

CVE-2023-2724

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.11002EPSS

CVE•added 2019/12/10 10:15 p.m.•164 views

CVE-2019-13746

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.01851EPSS

CVE•added 2021/01/08 7:15 p.m.•164 views

CVE-2020-16034

Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00124EPSS

CVE•added 2020/02/11 3:15 p.m.•164 views

CVE-2020-6402

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

8.8CVSS8.4AI score0.02584EPSS

CVE•added 2020/05/21 4:15 a.m.•164 views

CVE-2020-6472

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.

6.5CVSS6.6AI score0.00889EPSS

CVE•added 2021/02/09 2:15 p.m.•164 views

CVE-2021-21125

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

8.1CVSS7.7AI score0.02926EPSS

CVE•added 2021/11/02 9:15 p.m.•164 views

CVE-2021-37980

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.

7.4CVSS7.3AI score0.00314EPSS

CVE•added 2021/11/02 10:15 p.m.•164 views

CVE-2021-37992

Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00999EPSS

CVE•added 2023/01/30 9:15 a.m.•164 views

CVE-2023-0474

Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00118EPSS

CVE•added 2023/03/21 9:15 p.m.•164 views

CVE-2023-1533

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9.2AI score0.00288EPSS

CVE•added 2021/01/08 7:15 p.m.•163 views

CVE-2020-16025

Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9AI score0.00845EPSS

CVE•added 2020/05/21 4:15 a.m.•163 views

CVE-2020-6474

Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.02073EPSS

CVE•added 2021/01/08 7:15 p.m.•163 views

CVE-2021-21109

Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01308EPSS

CVE•added 2021/08/26 6:15 p.m.•163 views

CVE-2021-30594

Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.

6.8CVSS7.3AI score0.00324EPSS

CVE•added 2021/10/08 9:15 p.m.•163 views

CVE-2021-30627

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00814EPSS

CVE•added 2021/10/08 10:15 p.m.•163 views

CVE-2021-37968

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS4.9AI score0.00518EPSS

CVE•added 2022/08/12 8:15 p.m.•163 views

CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.

6.5CVSS6.3AI score0.00273EPSS

CVE•added 2023/04/04 10:15 p.m.•163 views

CVE-2023-1811

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00555EPSS

CVE•added 2023/08/15 6:15 p.m.•163 views

CVE-2023-4352

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.01705EPSS

CVE•added 2020/03/23 4:15 p.m.•162 views

CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02822EPSS

CVE•added 2020/05/21 4:15 a.m.•162 views

CVE-2020-6467

Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.02045EPSS

CVE•added 2021/11/02 10:15 p.m.•162 views

CVE-2021-37984

Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.02362EPSS

CVE•added 2023/01/30 9:15 a.m.•162 views

CVE-2023-0473

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.4AI score0.00136EPSS

CVE•added 2023/02/22 8:15 p.m.•162 views

CVE-2023-0933

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS8.7AI score0.00261EPSS

CVE•added 2023/06/26 9:15 p.m.•162 views

CVE-2023-3420

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.03797EPSS

CVE•added 2019/11/25 3:15 p.m.•161 views

CVE-2019-13708

Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.5AI score0.0031EPSS

CVE•added 2019/11/25 3:15 p.m.•161 views

CVE-2019-5874

Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

8.8CVSS8AI score0.00119EPSS

CVE•added 2021/01/08 7:15 p.m.•161 views

CVE-2020-16029

Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file.

8.8CVSS8AI score0.00217EPSS

CVE•added 2020/05/21 4:15 a.m.•161 views

CVE-2020-6460

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.

6.5CVSS6.6AI score0.00705EPSS

CVE•added 2022/11/30 12:15 a.m.•161 views

CVE-2022-4182

Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.9AI score0.00049EPSS

CVE•added 2023/03/07 10:15 p.m.•161 views

CVE-2023-1217

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

6.5CVSS6.5AI score0.00034EPSS

CVE•added 2021/01/08 7:15 p.m.•160 views

CVE-2020-16021

Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.

7.5CVSS7.8AI score0.00427EPSS

CVE•added 2021/01/08 7:15 p.m.•160 views

CVE-2020-16035

Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.

8.8CVSS8.1AI score0.00191EPSS

CVE•added 2021/02/09 2:15 p.m.•160 views

CVE-2021-21136

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.3AI score0.08894EPSS

CVE•added 2021/10/08 9:15 p.m.•160 views

CVE-2021-30625

Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.03445EPSS

CVE•added 2021/11/02 9:15 p.m.•160 views

CVE-2021-37979

heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7.8AI score0.01716EPSS

CVE•added 2022/02/12 2:15 a.m.•160 views

CVE-2022-0289

Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.09113EPSS

CVE•added 2022/07/23 12:15 a.m.•160 views

CVE-2022-1132

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

6.1CVSS6.2AI score0.00053EPSS

CVE•added 2022/08/12 8:15 p.m.•160 views

CVE-2022-2621

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

8.8CVSS8.8AI score0.00143EPSS

CVE•added 2023/05/03 12:15 a.m.•160 views

CVE-2023-2460

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

7.1CVSS6.7AI score0.00023EPSS

Total number of security vulnerabilities3669