Chrome@* Security Vulnerabilities and Issues — Page 29 of Chrome@* CVE List

Lucene search

GoogleChrome*

3596 matches found

CVE•added 2021/04/26 5:15 p.m.•127 views

CVE-2021-21216

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.00938EPSS

CVE•added 2021/10/08 10:15 p.m.•127 views

CVE-2021-37965

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS4.9AI score0.00219EPSS

CVE•added 2021/12/23 1:15 a.m.•127 views

CVE-2021-38012

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01475EPSS

CVE•added 2022/04/05 1:15 a.m.•127 views

CVE-2022-0464

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8CVSS9.1AI score0.00313EPSS

CVE•added 2022/07/26 10:15 p.m.•127 views

CVE-2022-1633

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.

8.8CVSS8.9AI score0.00342EPSS

CVE•added 2022/12/14 6:15 a.m.•127 views

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.0022EPSS

CVE•added 2023/02/07 9:15 p.m.•127 views

CVE-2023-0703

Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)

8.8CVSS8.5AI score0.00208EPSS

CVE•added 2023/08/15 6:15 p.m.•127 views

CVE-2023-4355

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.36845EPSS

CVE•added 2024/09/25 1:15 a.m.•127 views

CVE-2024-9120

Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00159EPSS

CVE•added 2025/06/11 1:15 a.m.•127 views

CVE-2025-5959

Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00048EPSS

CVE•added 2018/12/11 4:29 p.m.•126 views

CVE-2018-18354

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

8.8CVSS7.8AI score0.01655EPSS

CVE•added 2019/01/09 7:29 p.m.•126 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS5.6AI score0.00992EPSS

CVE•added 2019/06/27 5:15 p.m.•126 views

CVE-2018-6154

Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.00301EPSS

CVE•added 2021/11/02 10:15 p.m.•126 views

CVE-2021-37986

Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00987EPSS

CVE•added 2021/11/23 10:15 p.m.•126 views

CVE-2021-37998

Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01192EPSS

CVE•added 2021/12/23 1:15 a.m.•126 views

CVE-2021-38015

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

8.8CVSS8.2AI score0.00094EPSS

CVE•added 2022/11/09 7:15 p.m.•126 views

CVE-2022-3446

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.00267EPSS

CVE•added 2023/03/07 10:15 p.m.•126 views

CVE-2023-1215

Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00107EPSS

CVE•added 2023/05/03 12:15 a.m.•126 views

CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.0002EPSS

CVE•added 2023/05/16 7:15 p.m.•126 views

CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.8AI score0.0002EPSS

CVE•added 2023/08/01 11:15 p.m.•126 views

CVE-2023-3739

Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)

6.3CVSS6.5AI score0.00526EPSS

CVE•added 2023/08/15 6:15 p.m.•126 views

CVE-2023-4368

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.8AI score0.00043EPSS

CVE•added 2024/02/07 12:15 a.m.•126 views

CVE-2024-1284

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.8CVSS9.4AI score0.01471EPSS

CVE•added 2019/01/09 7:29 p.m.•125 views

CVE-2018-16065

A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.8AI score0.02538EPSS

CVE•added 2021/04/26 5:15 p.m.•125 views

CVE-2021-21215

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.00702EPSS

CVE•added 2021/12/23 1:15 a.m.•125 views

CVE-2021-38018

Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.6AI score0.00803EPSS

CVE•added 2021/12/23 1:15 a.m.•125 views

CVE-2021-38021

Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.00348EPSS

CVE•added 2021/12/23 1:15 a.m.•125 views

CVE-2021-4057

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.02907EPSS

CVE•added 2022/04/05 1:15 a.m.•125 views

CVE-2022-0456

Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.

8.8CVSS9.1AI score0.00273EPSS

CVE•added 2022/04/05 1:15 a.m.•125 views

CVE-2022-0457

Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00313EPSS

CVE•added 2022/04/05 1:15 a.m.•125 views

CVE-2022-0462

Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.00567EPSS

CVE•added 2022/11/01 11:15 p.m.•125 views

CVE-2022-3652

Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.00592EPSS

CVE•added 2019/01/09 7:29 p.m.•124 views

CVE-2018-16076

Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8.2AI score0.00607EPSS

CVE•added 2018/11/14 3:29 p.m.•124 views

CVE-2018-17476

Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

4.3CVSS5.1AI score0.00963EPSS

CVE•added 2018/12/11 4:29 p.m.•124 views

CVE-2018-18347

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.

8.8CVSS7.9AI score0.01655EPSS

CVE•added 2018/12/11 4:29 p.m.•124 views

CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

6.5CVSS6.3AI score0.00763EPSS

CVE•added 2018/12/11 4:29 p.m.•124 views

CVE-2018-18355

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

4.3CVSS4.8AI score0.00963EPSS

CVE•added 2021/04/26 5:15 p.m.•124 views

CVE-2021-21217

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5CVSS5.8AI score0.00572EPSS

CVE•added 2021/12/23 1:15 a.m.•124 views

CVE-2021-38009

Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.4AI score0.01139EPSS

CVE•added 2021/12/23 1:15 a.m.•124 views

CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

8.8CVSS8.2AI score0.001EPSS

CVE•added 2021/12/23 1:15 a.m.•124 views

CVE-2021-4078

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00573EPSS

CVE•added 2022/02/12 12:15 a.m.•124 views

CVE-2022-0100

Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00733EPSS

CVE•added 2022/04/05 1:15 a.m.•124 views

CVE-2022-0463

8.8CVSS9.1AI score0.00313EPSS

CVE•added 2022/09/26 4:15 p.m.•124 views

CVE-2022-3198

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

8.8CVSS8.8AI score0.00735EPSS

CVE•added 2022/11/09 7:15 p.m.•124 views

CVE-2022-3449

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

8.8CVSS8.8AI score0.00061EPSS

CVE•added 2023/03/07 10:15 p.m.•124 views

CVE-2023-1216

Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.00085EPSS

CVE•added 2023/05/30 10:15 p.m.•124 views

CVE-2023-2930

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00127EPSS

CVE•added 2019/06/27 5:15 p.m.•123 views

CVE-2018-16077

Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.5AI score0.00098EPSS

CVE•added 2018/12/11 4:29 p.m.•123 views

CVE-2018-18340

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01655EPSS

CVE•added 2018/12/11 4:29 p.m.•123 views

CVE-2018-18342

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.8AI score0.01996EPSS

Total number of security vulnerabilities3596