Chrome Security Vulnerabilities and Issues — Page 2 of Chrome CVE List

Lucene search

GoogleChrome

102 matches found

CVE•added 2025/06/18 7:15 p.m.•115 views

CVE-2025-6191

Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.3AI score0.00065EPSS

CVE•added 2025/02/15 2:15 a.m.•113 views

CVE-2025-0995

Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.0015EPSS

CVE•added 2025/02/15 2:15 a.m.•111 views

CVE-2025-0997

Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

8.1CVSS7.1AI score0.0007EPSS

CVE•added 2025/06/18 7:15 p.m.•111 views

CVE-2025-6192

Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00118EPSS

CVE•added 2025/02/15 2:15 a.m.•110 views

CVE-2025-0996

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

5.4CVSS5.8AI score0.00066EPSS

CVE•added 2025/03/10 9:15 p.m.•109 views

CVE-2025-2136

Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.3AI score0.00106EPSS

CVE•added 2025/03/10 9:15 p.m.•108 views

CVE-2025-2137

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.6AI score0.00051EPSS

CVE•added 2025/03/10 9:15 p.m.•106 views

CVE-2025-1920

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.8AI score0.00078EPSS

CVE•added 2025/04/02 1:15 a.m.•101 views

CVE-2025-3067

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)

8.8CVSS7AI score0.00052EPSS

CVE•added 2025/04/02 1:15 a.m.•93 views

CVE-2025-3068

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.8AI score0.0006EPSS

CVE•added 2025/04/02 1:15 a.m.•93 views

CVE-2025-3072

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS6.4AI score0.00042EPSS

CVE•added 2025/04/02 1:15 a.m.•93 views

CVE-2025-3074

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS6.4AI score0.00042EPSS

CVE•added 2025/03/05 4:15 a.m.•87 views

CVE-2025-1919

Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.4AI score0.00068EPSS

CVE•added 2025/02/19 5:15 p.m.•86 views

CVE-2025-1426

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.00116EPSS

CVE•added 2025/04/16 9:15 p.m.•86 views

CVE-2025-3619

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS7.2AI score0.00031EPSS

CVE•added 2025/03/05 4:15 a.m.•84 views

CVE-2025-1915

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium...

8.1CVSS6.5AI score0.0004EPSS

CVE•added 2025/02/19 5:15 p.m.•82 views

CVE-2025-0999

Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00228EPSS

CVE•added 2025/03/05 4:15 a.m.•81 views

CVE-2025-1914

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00068EPSS

CVE•added 2025/02/19 5:15 p.m.•80 views

CVE-2025-1006

Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)

8.8CVSS9.1AI score0.00132EPSS

CVE•added 2025/04/16 9:15 p.m.•77 views

CVE-2025-3620

Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00051EPSS

CVE•added 2025/04/02 1:15 a.m.•76 views

CVE-2025-3069

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.8AI score0.00062EPSS

CVE•added 2025/03/05 4:15 a.m.•74 views

CVE-2025-1917

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00055EPSS

CVE•added 2025/03/05 4:15 a.m.•71 views

CVE-2025-1918

Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS6.6AI score0.00068EPSS

CVE•added 2025/04/02 1:15 a.m.•71 views

CVE-2025-3071

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS6.3AI score0.00008EPSS

CVE•added 2025/03/05 4:15 a.m.•70 views

CVE-2025-1916

Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7AI score0.0008EPSS

CVE•added 2025/04/02 1:15 a.m.•70 views

CVE-2025-3073

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS6.4AI score0.00042EPSS

CVE•added 2025/03/05 4:15 a.m.•68 views

CVE-2025-1922

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.2AI score0.00052EPSS

CVE•added 2025/04/02 1:15 a.m.•66 views

CVE-2025-3070

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.8AI score0.00054EPSS

CVE•added 2025/03/05 4:15 a.m.•62 views

CVE-2025-1923

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS6.4AI score0.0004EPSS

CVE•added 2025/03/05 4:15 a.m.•61 views

CVE-2025-1921

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS5.8AI score0.00057EPSS

CVE•added 2025/07/15 6:15 p.m.•61 views

CVE-2025-7657

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00148EPSS

CVE•added 2025/07/15 6:15 p.m.•59 views

CVE-2025-7656

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00087EPSS

CVE•added 2025/07/22 10:15 p.m.•55 views

CVE-2025-8010

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.8AI score0.00089EPSS

CVE•added 2025/07/30 2:17 a.m.•54 views

CVE-2025-8292

Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00119EPSS

CVE•added 2025/07/22 10:15 p.m.•53 views

CVE-2025-8011

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.8AI score0.00089EPSS

CVE•added 2025/08/20 1:15 a.m.•52 views

CVE-2025-9132

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00066EPSS

CVE•added 2025/08/26 7:15 p.m.•36 views

CVE-2025-9478

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.7AI score0.00071EPSS

CVE•added 2025/08/07 2:15 a.m.•31 views

CVE-2025-8576

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

8.8CVSS6.5AI score0.00141EPSS

CVE•added 2025/08/07 2:15 a.m.•31 views

CVE-2025-8578

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.4AI score0.00141EPSS

CVE•added 2025/08/07 2:15 a.m.•30 views

CVE-2025-8582

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.2AI score0.00098EPSS

CVE•added 2025/08/07 2:15 a.m.•27 views

CVE-2025-8583

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.4AI score0.00037EPSS

CVE•added 2025/08/13 3:15 a.m.•27 views

CVE-2025-8879

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)

8.8CVSS7.6AI score0.00074EPSS

CVE•added 2025/08/07 2:15 a.m.•26 views

CVE-2025-8579

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.4AI score0.00053EPSS

CVE•added 2025/08/07 2:15 a.m.•26 views

CVE-2025-8581

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.3AI score0.0005EPSS

CVE•added 2025/08/07 2:15 a.m.•25 views

CVE-2025-8577

4.3CVSS5.5AI score0.00053EPSS

CVE•added 2025/08/07 2:15 a.m.•25 views

CVE-2025-8580

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.5AI score0.00053EPSS

CVE•added 2025/08/13 3:15 a.m.•25 views

CVE-2025-8881

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.2AI score0.00016EPSS

CVE•added 2025/08/13 3:15 a.m.•23 views

CVE-2025-8882

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.2AI score0.00109EPSS

CVE•added 2025/08/13 3:15 a.m.•23 views

CVE-2025-8901

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00101EPSS

CVE•added 2025/08/13 3:15 a.m.•22 views

CVE-2025-8880

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.7AI score0.00086EPSS

Total number of security vulnerabilities102