Chrome@* Security Vulnerabilities and Issues — Page 11 of Chrome@* CVE List

Lucene search

GoogleChrome*

3610 matches found

CVE•added 2019/11/25 3:15 p.m.•246 views

CVE-2019-13699

Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01004EPSS

CVE•added 2019/02/19 5:29 p.m.•246 views

CVE-2019-5766

Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00877EPSS

CVE•added 2019/02/19 5:29 p.m.•246 views

CVE-2019-5769

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS

CVE•added 2019/02/19 5:29 p.m.•246 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

6.5CVSS5.9AI score0.00493EPSS

CVE•added 2019/06/27 5:15 p.m.•246 views

CVE-2019-5837

Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01133EPSS

CVE•added 2024/07/16 10:15 p.m.•246 views

CVE-2024-6774

Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.0026EPSS

CVE•added 2024/08/06 9:16 p.m.•246 views

CVE-2024-7532

Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.8AI score0.00168EPSS

CVE•added 2024/08/21 9:15 p.m.•246 views

CVE-2024-7977

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

7.8CVSS6.5AI score0.00023EPSS

CVE•added 2025/02/04 7:15 p.m.•246 views

CVE-2025-0445

Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

5.4CVSS7.1AI score0.00118EPSS

CVE•added 2019/11/25 3:15 p.m.•245 views

CVE-2019-13702

Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

7.8CVSS7.5AI score0.00185EPSS

CVE•added 2019/12/10 10:15 p.m.•245 views

CVE-2019-13757

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.1AI score0.01851EPSS

CVE•added 2019/02/19 5:29 p.m.•245 views

CVE-2019-5775

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS

CVE•added 2020/02/11 3:15 p.m.•245 views

CVE-2020-6412

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

5.8CVSS5.8AI score0.00574EPSS

CVE•added 2022/07/26 10:15 p.m.•245 views

CVE-2022-1479

Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00507EPSS

CVE•added 2022/07/28 1:15 a.m.•245 views

CVE-2022-2008

Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.00339EPSS

CVE•added 2020/02/11 3:15 p.m.•244 views

CVE-2020-6394

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8CVSS5.6AI score0.01055EPSS

CVE•added 2021/03/16 3:15 p.m.•244 views

CVE-2021-21191

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00987EPSS

CVE•added 2022/04/05 1:15 a.m.•244 views

CVE-2022-0807

Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.00089EPSS

CVE•added 2022/07/28 2:15 a.m.•244 views

CVE-2022-2477

Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00154EPSS

CVE•added 2022/08/12 8:15 p.m.•244 views

CVE-2022-2623

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8CVSS8.8AI score0.00425EPSS

CVE•added 2024/11/12 9:15 p.m.•244 views

CVE-2024-11110

Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)

6.5CVSS6.3AI score0.00057EPSS

CVE•added 2024/07/16 10:15 p.m.•244 views

CVE-2024-6776

Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.8AI score0.0026EPSS

CVE•added 2024/08/21 9:15 p.m.•244 views

CVE-2024-7981

Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00133EPSS

CVE•added 2024/08/21 9:15 p.m.•244 views

CVE-2024-8034

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00137EPSS

CVE•added 2019/11/25 3:15 p.m.•243 views

CVE-2019-13710

Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00238EPSS

CVE•added 2019/12/10 10:15 p.m.•243 views

CVE-2019-13726

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

8.8CVSS8.6AI score0.074EPSS

CVE•added 2019/02/19 5:29 p.m.•243 views

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

6.5CVSS5.6AI score0.00288EPSS

CVE•added 2022/07/26 10:15 p.m.•243 views

CVE-2022-1482

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS6.8AI score0.00188EPSS

CVE•added 2022/07/27 10:15 p.m.•243 views

CVE-2022-1863

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

8.8CVSS9.1AI score0.00166EPSS

CVE•added 2024/11/27 6:15 p.m.•243 views

CVE-2024-7025

Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00247EPSS

CVE•added 2024/09/11 2:15 p.m.•243 views

CVE-2024-8637

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00147EPSS

CVE•added 2019/12/10 10:15 p.m.•242 views

CVE-2019-13759

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5AI score0.0234EPSS

CVE•added 2019/11/25 3:15 p.m.•242 views

CVE-2019-5867

Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS6.2AI score0.00271EPSS

CVE•added 2019/11/25 3:15 p.m.•242 views

CVE-2019-5868

Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

5.5CVSS6AI score0.00134EPSS

CVE•added 2020/02/11 3:15 p.m.•242 views

CVE-2020-6385

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.

8.8CVSS7.7AI score0.01399EPSS

CVE•added 2021/06/04 6:15 p.m.•242 views

CVE-2021-30510

Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00605EPSS

CVE•added 2024/07/16 10:15 p.m.•242 views

CVE-2024-6775

Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.0026EPSS

CVE•added 2024/07/16 10:15 p.m.•242 views

CVE-2024-6778

Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS6.2AI score0.16842EPSS

CVE•added 2024/08/28 11:15 p.m.•242 views

CVE-2024-8193

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00313EPSS

CVE•added 2018/08/28 7:29 p.m.•241 views

CVE-2017-15422

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS7AI score0.01039EPSS

CVE•added 2019/11/25 3:15 p.m.•241 views

CVE-2019-13711

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

5.3CVSS5.3AI score0.00355EPSS

CVE•added 2019/12/10 10:15 p.m.•241 views

CVE-2019-13736

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.02375EPSS

CVE•added 2019/12/10 10:15 p.m.•241 views

CVE-2019-13747

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.02356EPSS

CVE•added 2019/02/19 5:29 p.m.•241 views

CVE-2019-5768

DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

6.5CVSS5.7AI score0.00488EPSS

CVE•added 2020/02/11 3:15 p.m.•241 views

CVE-2020-6414

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

8.8CVSS7.7AI score0.00866EPSS

CVE•added 2022/04/05 1:15 a.m.•241 views

CVE-2022-0789

Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00774EPSS

CVE•added 2024/08/21 9:15 p.m.•241 views

CVE-2024-7967

Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.00242EPSS

CVE•added 2019/12/10 10:15 p.m.•240 views

CVE-2019-13737

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.1AI score0.02568EPSS

CVE•added 2019/02/19 5:29 p.m.•240 views

CVE-2019-5758

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS6.2AI score0.01655EPSS

CVE•added 2020/05/21 4:15 a.m.•240 views

CVE-2020-6477

Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.

7.8CVSS7.6AI score0.00031EPSS

Total number of security vulnerabilities3610