Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

3644 matches found

CVE•added 2013/11/19 4:50 a.m.•13016 views

CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG mark...

5CVSS6.1AI score0.0021EPSS

CVE•added 2024/02/21 4:15 a.m.•7000 views

CVE-2024-1671

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS4.8AI score0.00038EPSS

CVE•added 2024/02/21 4:15 a.m.•6874 views

CVE-2024-1674

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS4.8AI score0.00012EPSS

CVE•added 2024/02/21 4:15 a.m.•6870 views

CVE-2024-1675

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS4.8AI score0.00065EPSS

CVE•added 2024/02/21 4:15 a.m.•6227 views

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS4.7AI score0.00186EPSS

CVE•added 2024/02/21 4:15 a.m.•6142 views

CVE-2024-1669

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.1AI score0.00164EPSS

CVE•added 2024/02/21 4:15 a.m.•4586 views

CVE-2024-1670

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.00309EPSS

CVE•added 2024/02/21 4:15 a.m.•3930 views

CVE-2024-1673

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

8.8CVSS5.9AI score0.0036EPSS

CVE•added 2024/02/21 4:15 a.m.•3924 views

CVE-2024-1672

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS4.8AI score0.00042EPSS

CVE•added 2024/05/22 4:15 p.m.•3732 views

CVE-2024-5157

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.4AI score0.00724EPSS

CVE•added 2024/05/01 1:15 p.m.•3602 views

CVE-2024-4059

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)

6.5CVSS5.3AI score0.00104EPSS

CVE•added 2024/04/17 8:15 a.m.•2176 views

CVE-2024-3832

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.2AI score0.03717EPSS

CVE•added 2020/11/03 3:15 a.m.•1999 views

CVE-2020-15999

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.6CVSS7.1AI score0.92732EPSS

CVE•added 2024/03/06 7:15 p.m.•1934 views

CVE-2024-2176

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.2AI score0.00562EPSS

CVE•added 2022/04/05 12:15 a.m.•1882 views

CVE-2022-0609

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.59709EPSS

CVE•added 2024/04/17 6:15 p.m.•1631 views

CVE-2024-3914

Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00208EPSS

CVE•added 2022/07/28 2:15 a.m.•1581 views

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.02193EPSS

CVE•added 2023/09/12 3:15 p.m.•1385 views

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS8.5AI score0.93991EPSS

CVE•added 2020/11/03 3:15 a.m.•1318 views

CVE-2020-16009

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.80718EPSS

CVE•added 2022/07/23 12:15 a.m.•1311 views

CVE-2022-1096

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.25307EPSS

CVE•added 2021/06/15 10:15 p.m.•1302 views

CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.78065EPSS

CVE•added 2019/06/27 5:15 p.m.•1288 views

CVE-2019-5786

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

6.5CVSS6.2AI score0.89984EPSS

CVE•added 2021/08/03 7:15 p.m.•1281 views

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.08751EPSS

CVE•added 2022/07/26 10:15 p.m.•1280 views

CVE-2022-1364

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.10518EPSS

CVE•added 2020/07/22 5:15 p.m.•1275 views

CVE-2020-6514

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

6.5CVSS7.3AI score0.11514EPSS

CVE•added 2019/11/25 3:15 p.m.•1273 views

CVE-2019-13720

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.1AI score0.90359EPSS

CVE•added 2021/01/08 7:15 p.m.•1269 views

CVE-2020-16012

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS5.5AI score0.03181EPSS

CVE•added 2021/04/26 5:15 p.m.•1267 views

CVE-2021-21224

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.9AI score0.66739EPSS

CVE•added 2021/07/02 7:15 p.m.•1225 views

CVE-2021-30554

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.24629EPSS

CVE•added 2020/11/03 3:15 a.m.•1218 views

CVE-2020-15969

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.03155EPSS

CVE•added 2021/04/26 5:15 p.m.•1218 views

CVE-2021-21220

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.92805EPSS

CVE•added 2020/02/27 11:15 p.m.•1212 views

CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7AI score0.85498EPSS

CVE•added 2021/02/09 4:15 p.m.•1212 views

CVE-2021-21148

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.50292EPSS

CVE•added 2021/04/26 5:15 p.m.•1190 views

CVE-2021-21206

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.12795EPSS

CVE•added 2021/03/16 3:15 p.m.•1172 views

CVE-2021-21193

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.12582EPSS

CVE•added 2021/03/09 6:15 p.m.•1161 views

CVE-2021-21166

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.41931EPSS

CVE•added 2021/10/08 9:15 p.m.•1152 views

CVE-2021-30632

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.84245EPSS

CVE•added 2022/09/26 4:15 p.m.•1137 views

CVE-2022-3075

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.9AI score0.0059EPSS

CVE•added 2015/05/21 12:59 a.m.•1130 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.94027EPSS

CVE•added 2021/10/08 10:15 p.m.•1126 views

CVE-2021-37973

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.5AI score0.19205EPSS

CVE•added 2022/11/25 1:15 a.m.•1116 views

CVE-2022-4135

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS9.3AI score0.00114EPSS

CVE•added 2021/11/23 10:15 p.m.•1100 views

CVE-2021-38003

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.764EPSS

CVE•added 2018/11/14 3:29 p.m.•1092 views

CVE-2018-17463

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.8AI score0.91128EPSS

CVE•added 2021/10/08 10:15 p.m.•1092 views

CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.64007EPSS

CVE•added 2021/10/08 10:15 p.m.•1079 views

CVE-2021-37976

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.5AI score0.11445EPSS

CVE•added 2019/11/25 8:15 p.m.•1072 views

CVE-2019-5825

Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.77431EPSS

CVE•added 2021/11/23 10:15 p.m.•1072 views

CVE-2021-38000

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

6.1CVSS6.6AI score0.03083EPSS

CVE•added 2021/10/08 9:15 p.m.•1069 views

CVE-2021-30633

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.46777EPSS

CVE•added 2023/04/14 7:15 p.m.•1064 views

CVE-2023-2033

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.0714EPSS

CVE•added 2020/11/03 3:15 a.m.•1062 views

CVE-2020-16010

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.5AI score0.14474EPSS

Total number of security vulnerabilities3644