Chrome@* Security Vulnerabilities and Issues — Page 3 of Chrome@* CVE List

Lucene search

GoogleChrome*

3596 matches found

CVE•added 2023/09/05 10:15 p.m.•427 views

CVE-2023-4761

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

8.1CVSS7.6AI score0.0024EPSS

CVE•added 2021/04/30 9:15 p.m.•423 views

CVE-2021-21230

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.03608EPSS

CVE•added 2024/05/15 9:15 p.m.•420 views

CVE-2024-4947

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.9AI score0.00467EPSS

CVE•added 2025/05/27 9:15 p.m.•418 views

CVE-2025-5283

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

5.4CVSS7.1AI score0.00074EPSS

CVE•added 2025/01/15 11:15 a.m.•413 views

CVE-2025-0448

Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.0008EPSS

CVE•added 2025/05/27 9:15 p.m.•409 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

5.4CVSS6AI score0.00058EPSS

CVE•added 2025/05/27 9:15 p.m.•409 views

CVE-2025-5281

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

5.4CVSS6AI score0.00058EPSS

CVE•added 2020/04/13 6:15 p.m.•398 views

CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01485EPSS

CVE•added 2025/05/27 9:15 p.m.•396 views

CVE-2025-5067

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS6.2AI score0.00056EPSS

CVE•added 2018/12/11 4:29 p.m.•388 views

CVE-2018-18356

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.02245EPSS

CVE•added 2025/01/15 11:15 a.m.•382 views

CVE-2025-0446

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS6.6AI score0.00074EPSS

CVE•added 2024/09/17 9:15 p.m.•379 views

CVE-2024-8907

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)

6.1CVSS6AI score0.00166EPSS

CVE•added 2023/12/21 11:15 p.m.•378 views

CVE-2023-7024

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.9AI score0.01348EPSS

CVE•added 2023/09/05 10:15 p.m.•374 views

CVE-2023-4764

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

6.5CVSS6.2AI score0.001EPSS

CVE•added 2025/01/08 7:15 p.m.•371 views

CVE-2025-0291

Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.4AI score0.01411EPSS

CVE•added 2023/11/29 12:15 p.m.•369 views

CVE-2023-6345

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

9.6CVSS9.2AI score0.0067EPSS

CVE•added 2025/03/26 4:15 p.m.•366 views

CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

8.3CVSS6.8AI score0.08309EPSS

CVE•added 2023/05/30 10:15 p.m.•365 views

CVE-2023-2941

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS5AI score0.00083EPSS

CVE•added 2020/05/21 4:15 a.m.•363 views

CVE-2020-6463

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.03285EPSS

CVE•added 2021/08/03 7:15 p.m.•361 views

CVE-2021-30560

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00092EPSS

CVE•added 2023/01/10 8:15 p.m.•361 views

CVE-2023-0129

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

8.8CVSS8.7AI score0.00123EPSS

CVE•added 2020/05/21 4:15 a.m.•360 views

CVE-2020-6457

Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01068EPSS

CVE•added 2018/11/14 3:29 p.m.•356 views

CVE-2018-17466

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS7.1AI score0.00898EPSS

CVE•added 2023/03/07 10:15 p.m.•343 views

CVE-2023-1234

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00362EPSS

CVE•added 2023/09/05 10:15 p.m.•340 views

CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.11497EPSS

CVE•added 2023/10/05 6:15 p.m.•340 views

CVE-2023-5346

Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.0059EPSS

CVE•added 2025/03/19 7:15 p.m.•340 views

CVE-2025-2476

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.8AI score0.1458EPSS

CVE•added 2019/06/27 5:15 p.m.•339 views

CVE-2019-5785

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

6.5CVSS6.9AI score0.00375EPSS

CVE•added 2021/06/04 6:15 p.m.•337 views

CVE-2021-30513

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01087EPSS

CVE•added 2023/08/25 7:15 p.m.•336 views

CVE-2019-13689

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)

7.8CVSS7.2AI score0.00183EPSS

CVE•added 2021/08/03 8:15 p.m.•335 views

CVE-2021-30588

Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00597EPSS

CVE•added 2024/05/14 4:17 p.m.•335 views

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.0159EPSS

CVE•added 2024/08/21 9:15 p.m.•334 views

CVE-2024-7971

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.8AI score0.00339EPSS

CVE•added 2019/12/10 10:15 p.m.•333 views

CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.00511EPSS

CVE•added 2024/10/29 10:15 p.m.•332 views

CVE-2024-10487

Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.7AI score0.00246EPSS

CVE•added 2022/08/12 8:15 p.m.•331 views

CVE-2022-2603

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00419EPSS

CVE•added 2023/10/11 11:15 p.m.•331 views

CVE-2023-5485

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00036EPSS

CVE•added 2019/02/19 5:29 p.m.•329 views

CVE-2019-5782

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS7AI score0.79803EPSS

CVE•added 2020/01/03 11:15 p.m.•329 views

CVE-2019-5845

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.00966EPSS

CVE•added 2024/08/21 9:15 p.m.•328 views

CVE-2024-7976

Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00116EPSS

CVE•added 2021/06/04 6:15 p.m.•327 views

CVE-2021-30517

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.14196EPSS

CVE•added 2024/08/21 9:15 p.m.•325 views

CVE-2024-8035

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00082EPSS

CVE•added 2018/12/11 4:29 p.m.•324 views

CVE-2018-18335

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01839EPSS

CVE•added 2019/12/10 10:15 p.m.•324 views

CVE-2019-13750

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

6.5CVSS6.3AI score0.00139EPSS

CVE•added 2024/04/17 8:15 a.m.•324 views

CVE-2024-3834

Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.0059EPSS

CVE•added 2020/02/11 3:15 p.m.•323 views

CVE-2020-6405

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.3AI score0.00691EPSS

CVE•added 2019/05/23 8:29 p.m.•322 views

CVE-2019-5789

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.5AI score0.39945EPSS

CVE•added 2024/08/21 9:15 p.m.•322 views

CVE-2024-7978

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6AI score0.00083EPSS

CVE•added 2024/08/21 9:15 p.m.•322 views

CVE-2024-8033

Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00098EPSS

CVE•added 2024/01/16 10:15 p.m.•321 views

CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00226EPSS

Total number of security vulnerabilities3596