Chrome Security Vulnerabilities and Issues — Page 7 of Chrome CVE List

Lucene search

GoogleChrome

3667 matches found

CVE•added 2019/06/27 5:15 p.m.•287 views

CVE-2019-5809

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

8.8CVSS8.6AI score0.01514EPSS

CVE•added 2019/06/27 5:15 p.m.•287 views

CVE-2019-5828

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.1AI score0.01749EPSS

CVE•added 2024/12/18 10:15 p.m.•287 views

CVE-2024-12694

Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.8AI score0.0016EPSS

CVE•added 2024/06/11 9:15 p.m.•287 views

CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS7.8AI score0.00322EPSS

CVE•added 2024/06/11 9:15 p.m.•287 views

CVE-2024-5845

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00256EPSS

CVE•added 2024/08/01 6:15 p.m.•287 views

CVE-2024-7256

Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.0047EPSS

CVE•added 2024/08/28 11:15 p.m.•287 views

CVE-2024-8198

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00205EPSS

CVE•added 2025/05/05 6:15 p.m.•287 views

CVE-2025-4052

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.9AI score0.00061EPSS

CVE•added 2020/04/13 6:15 p.m.•286 views

CVE-2020-6438

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00691EPSS

CVE•added 2020/04/13 6:15 p.m.•286 views

CVE-2020-6441

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

4.3CVSS4.8AI score0.00527EPSS

CVE•added 2024/06/11 9:15 p.m.•286 views

CVE-2024-5842

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7AI score0.00301EPSS

CVE•added 2024/06/11 9:15 p.m.•286 views

CVE-2024-5847

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00256EPSS

CVE•added 2024/06/24 10:15 p.m.•286 views

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00246EPSS

CVE•added 2024/09/11 2:15 p.m.•286 views

CVE-2024-8639

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00207EPSS

CVE•added 2019/06/27 5:15 p.m.•285 views

CVE-2019-5818

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.

6.5CVSS6.2AI score0.01057EPSS

CVE•added 2019/06/27 5:15 p.m.•285 views

CVE-2019-5824

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01655EPSS

CVE•added 2024/06/11 9:15 p.m.•285 views

CVE-2024-5835

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.4AI score0.00075EPSS

CVE•added 2019/05/23 8:29 p.m.•284 views

CVE-2019-5803

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.3AI score0.00323EPSS

CVE•added 2020/04/13 6:15 p.m.•284 views

CVE-2020-6437

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

4.3CVSS5AI score0.00924EPSS

CVE•added 2024/06/11 9:15 p.m.•284 views

CVE-2024-5841

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.3AI score0.00256EPSS

CVE•added 2019/12/10 10:15 p.m.•283 views

CVE-2019-13753

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.02219EPSS

CVE•added 2019/05/23 8:29 p.m.•283 views

CVE-2019-5792

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

8.8CVSS8.2AI score0.0065EPSS

CVE•added 2019/06/27 5:15 p.m.•283 views

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

4.3CVSS5.1AI score0.00474EPSS

CVE•added 2020/04/13 6:15 p.m.•283 views

CVE-2020-6439

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

8.8CVSS7.7AI score0.00878EPSS

CVE•added 2024/06/11 9:15 p.m.•283 views

CVE-2024-5837

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00196EPSS

CVE•added 2024/08/28 11:15 p.m.•283 views

CVE-2024-8194

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00141EPSS

CVE•added 2024/09/17 9:15 p.m.•283 views

CVE-2024-8906

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00138EPSS

CVE•added 2019/06/27 5:15 p.m.•282 views

CVE-2019-5813

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01749EPSS

CVE•added 2020/07/22 5:15 p.m.•282 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.7AI score0.0087EPSS

CVE•added 2022/07/27 10:15 p.m.•282 views

CVE-2022-1853

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00698EPSS

CVE•added 2019/05/23 8:29 p.m.•281 views

CVE-2019-5799

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.4AI score0.00238EPSS

CVE•added 2020/04/13 6:15 p.m.•281 views

CVE-2020-6440

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00695EPSS

CVE•added 2024/09/17 9:15 p.m.•281 views

CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.9AI score0.00103EPSS

CVE•added 2019/06/27 5:15 p.m.•280 views

CVE-2019-5820

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01514EPSS

CVE•added 2022/07/28 1:15 a.m.•280 views

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00611EPSS

CVE•added 2023/10/11 11:15 p.m.•280 views

CVE-2023-5479

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.4AI score0.00033EPSS

CVE•added 2024/11/12 9:15 p.m.•280 views

CVE-2024-11115

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)

8.8CVSS6.6AI score0.0022EPSS

CVE•added 2024/09/11 2:15 p.m.•280 views

CVE-2024-8638

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00147EPSS

CVE•added 2019/11/25 3:15 p.m.•279 views

CVE-2019-13685

Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00356EPSS

CVE•added 2022/07/21 11:15 p.m.•279 views

CVE-2022-0972

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00118EPSS

CVE•added 2022/07/26 10:15 p.m.•279 views

CVE-2022-1478

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01116EPSS

CVE•added 2020/04/13 6:15 p.m.•278 views

CVE-2020-6456

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.

6.5CVSS6.4AI score0.00612EPSS

CVE•added 2020/05/21 4:15 a.m.•278 views

CVE-2020-6479

Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.00817EPSS

CVE•added 2019/06/27 5:15 p.m.•277 views

CVE-2019-5834

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.3AI score0.00442EPSS

CVE•added 2020/05/21 4:15 a.m.•277 views

CVE-2020-6475

Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.01409EPSS

CVE•added 2018/02/07 11:29 p.m.•276 views

CVE-2017-5130

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

8.8CVSS6.6AI score0.01396EPSS

CVE•added 2020/02/27 11:15 p.m.•276 views

CVE-2020-6407

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.00952EPSS

CVE•added 2020/04/13 6:15 p.m.•276 views

CVE-2020-6446

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.3AI score0.00716EPSS

CVE•added 2020/06/03 11:15 p.m.•276 views

CVE-2020-6493

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.03614EPSS

CVE•added 2024/12/12 1:40 a.m.•276 views

CVE-2024-12382

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00449EPSS

Total number of security vulnerabilities3667