Chrome Security Vulnerabilities and Issues — Page 4 of Chrome CVE List

Lucene search

GoogleChrome

3665 matches found

CVE•added 2024/03/06 7:15 p.m.•343 views

CVE-2024-2173

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00091EPSS

CVE•added 2024/03/06 7:15 p.m.•343 views

CVE-2024-2174

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.7AI score0.00123EPSS

CVE•added 2019/12/10 10:15 p.m.•341 views

CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.00418EPSS

CVE•added 2025/03/19 7:15 p.m.•341 views

CVE-2025-2476

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.8AI score0.11799EPSS

CVE•added 2021/06/04 6:15 p.m.•339 views

CVE-2021-30513

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01087EPSS

CVE•added 2019/02/19 5:29 p.m.•338 views

CVE-2019-5782

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS7AI score0.79803EPSS

CVE•added 2024/04/06 3:15 p.m.•338 views

CVE-2024-3156

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8AI score0.01279EPSS

CVE•added 2024/05/22 4:15 p.m.•338 views

CVE-2024-5158

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.00113EPSS

CVE•added 2023/08/25 7:15 p.m.•337 views

CVE-2019-13689

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)

7.8CVSS7.2AI score0.00183EPSS

CVE•added 2021/08/03 8:15 p.m.•337 views

CVE-2021-30588

Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00597EPSS

CVE•added 2025/01/15 11:15 a.m.•336 views

CVE-2025-0434

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.00124EPSS

CVE•added 2022/08/12 8:15 p.m.•335 views

CVE-2022-2603

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00508EPSS

CVE•added 2025/06/03 12:15 a.m.•334 views

CVE-2025-5419

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.011EPSS

In wild

CVE•added 2019/12/10 10:15 p.m.•333 views

CVE-2019-13750

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

6.5CVSS6.3AI score0.00159EPSS

CVE•added 2023/05/30 10:15 p.m.•333 views

CVE-2023-2937

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2024/04/17 8:15 a.m.•333 views

CVE-2024-3837

Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.4AI score0.00516EPSS

CVE•added 2020/02/11 3:15 p.m.•331 views

CVE-2020-6405

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.3AI score0.00691EPSS

CVE•added 2020/01/03 11:15 p.m.•330 views

CVE-2019-5845

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.00966EPSS

CVE•added 2021/06/04 6:15 p.m.•330 views

CVE-2021-30517

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.14196EPSS

CVE•added 2024/12/12 1:40 a.m.•330 views

CVE-2024-12381

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.2AI score0.00421EPSS

CVE•added 2019/05/23 8:29 p.m.•329 views

CVE-2019-5789

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.5AI score0.39945EPSS

CVE•added 2024/04/17 8:15 a.m.•329 views

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.4AI score0.00067EPSS

CVE•added 2018/12/11 4:29 p.m.•327 views

CVE-2018-18335

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01839EPSS

CVE•added 2024/05/15 9:15 p.m.•324 views

CVE-2024-4950

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

6.5CVSS5.5AI score0.00092EPSS

CVE•added 2024/08/01 6:15 p.m.•324 views

CVE-2024-6990

Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.3AI score0.00299EPSS

CVE•added 2019/05/23 8:29 p.m.•323 views

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.4AI score0.465EPSS

CVE•added 2024/05/15 9:15 p.m.•323 views

CVE-2024-4948

Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.5AI score0.00188EPSS

CVE•added 2024/09/03 11:15 p.m.•323 views

CVE-2024-7970

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00154EPSS

CVE•added 2020/07/22 5:15 p.m.•322 views

CVE-2020-6519

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.7AI score0.29231EPSS

CVE•added 2023/08/23 12:15 a.m.•322 views

CVE-2023-4430

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.11354EPSS

CVE•added 2023/08/03 1:15 a.m.•321 views

CVE-2023-4078

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

8.8CVSS7.7AI score0.00156EPSS

CVE•added 2023/10/11 11:15 p.m.•321 views

CVE-2023-5487

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

6.5CVSS6.5AI score0.00034EPSS

CVE•added 2024/04/17 8:15 a.m.•320 views

CVE-2024-3844

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS5.6AI score0.00563EPSS

CVE•added 2024/06/20 12:15 a.m.•320 views

CVE-2024-6102

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00318EPSS

CVE•added 2024/11/06 5:15 p.m.•319 views

CVE-2024-10827

Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00654EPSS

CVE•added 2024/04/17 8:15 a.m.•319 views

CVE-2024-3839

Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS5.1AI score0.00196EPSS

CVE•added 2024/04/17 8:15 a.m.•319 views

CVE-2024-3840

Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

7.5CVSS5.4AI score0.00125EPSS

CVE•added 2024/04/17 8:15 a.m.•317 views

CVE-2024-3841

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)

7.6CVSS5.3AI score0.00204EPSS

CVE•added 2025/02/04 7:15 p.m.•317 views

CVE-2025-0444

Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

6.3CVSS7.1AI score0.00317EPSS

CVE•added 2019/06/27 5:15 p.m.•316 views

CVE-2019-5831

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.02152EPSS

CVE•added 2023/08/03 1:15 a.m.•316 views

CVE-2023-4069

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.025EPSS

CVE•added 2023/08/03 1:15 a.m.•316 views

CVE-2023-4076

Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)

8.8CVSS8.8AI score0.00781EPSS

CVE•added 2023/10/11 11:15 p.m.•316 views

CVE-2023-5483

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00073EPSS

CVE•added 2021/08/03 7:15 p.m.•315 views

CVE-2021-30561

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00416EPSS

CVE•added 2024/11/12 9:15 p.m.•315 views

CVE-2024-11117

Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.2AI score0.00054EPSS

CVE•added 2024/05/01 1:15 p.m.•315 views

CVE-2024-4331

Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00751EPSS

CVE•added 2024/07/16 10:15 p.m.•315 views

CVE-2024-6772

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.2AI score0.00293EPSS

CVE•added 2020/02/11 3:15 p.m.•314 views

CVE-2020-6404

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7.7AI score0.01744EPSS

CVE•added 2023/05/30 10:15 p.m.•314 views

CVE-2023-2938

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2023/08/23 12:15 a.m.•314 views

CVE-2023-4429

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00392EPSS

Total number of security vulnerabilities3665