Chrome@* Security Vulnerabilities and Issues — Page 5 of Chrome@* CVE List

Lucene search

GoogleChrome*

3596 matches found

CVE•added 2019/05/23 8:29 p.m.•287 views

CVE-2019-5787

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.4AI score0.01576EPSS

CVE•added 2019/05/23 8:29 p.m.•287 views

CVE-2019-5790

An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.7AI score0.03543EPSS

CVE•added 2019/06/27 5:15 p.m.•287 views

CVE-2019-5829

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.2AI score0.01864EPSS

CVE•added 2019/06/27 5:15 p.m.•287 views

CVE-2019-5836

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01839EPSS

CVE•added 2024/03/06 7:15 p.m.•287 views

CVE-2024-2174

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.7AI score0.00121EPSS

CVE•added 2024/04/06 3:15 p.m.•287 views

CVE-2024-3156

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8AI score0.01487EPSS

CVE•added 2025/06/24 8:15 p.m.•287 views

CVE-2025-6557

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS7.5AI score0.00063EPSS

CVE•added 2019/06/27 5:15 p.m.•286 views

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01133EPSS

CVE•added 2019/06/27 5:15 p.m.•286 views

CVE-2019-5839

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

4.3CVSS5AI score0.01034EPSS

CVE•added 2020/04/13 6:15 p.m.•286 views

CVE-2020-6444

Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.8CVSS6.7AI score0.01386EPSS

CVE•added 2020/04/13 6:15 p.m.•286 views

CVE-2020-6451

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00795EPSS

CVE•added 2023/08/03 1:15 a.m.•286 views

CVE-2023-4073

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00591EPSS

CVE•added 2014/09/25 5:55 p.m.•285 views

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1...

7.5CVSS5.3AI score0.42007EPSS

CVE•added 2016/07/23 7:59 p.m.•285 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04288EPSS

CVE•added 2019/05/23 8:29 p.m.•285 views

CVE-2019-5795

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

8.8CVSS8.2AI score0.0065EPSS

CVE•added 2020/04/13 6:15 p.m.•285 views

CVE-2020-6455

Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01242EPSS

CVE•added 2023/01/10 8:15 p.m.•284 views

CVE-2023-0131

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS5.7AI score0.00029EPSS

CVE•added 2023/05/30 10:15 p.m.•284 views

CVE-2023-2939

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)

7.8CVSS7.6AI score0.00021EPSS

CVE•added 2025/01/15 11:15 a.m.•284 views

CVE-2025-0434

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.00133EPSS

CVE•added 2019/06/27 5:15 p.m.•283 views

CVE-2019-5809

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

8.8CVSS8.6AI score0.01514EPSS

CVE•added 2019/06/27 5:15 p.m.•282 views

CVE-2019-5828

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.1AI score0.01514EPSS

CVE•added 2020/07/22 5:15 p.m.•282 views

CVE-2020-6525

Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.01613EPSS

CVE•added 2023/08/03 1:15 a.m.•282 views

CVE-2023-4071

Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.00496EPSS

CVE•added 2023/10/11 11:15 p.m.•282 views

CVE-2023-5481

Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00103EPSS

CVE•added 2024/05/22 4:15 p.m.•282 views

CVE-2024-5158

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.00113EPSS

CVE•added 2019/06/27 5:15 p.m.•281 views

CVE-2019-5818

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.

6.5CVSS6.2AI score0.01057EPSS

CVE•added 2019/06/27 5:15 p.m.•281 views

CVE-2019-5824

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01391EPSS

CVE•added 2023/08/03 1:15 a.m.•281 views

CVE-2023-4075

Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00593EPSS

CVE•added 2023/08/03 1:15 a.m.•281 views

CVE-2023-4077

Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

8.8CVSS7.7AI score0.00156EPSS

CVE•added 2024/04/17 8:15 a.m.•281 views

CVE-2024-3837

Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.4AI score0.00311EPSS

CVE•added 2020/04/13 6:15 p.m.•280 views

CVE-2020-6438

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00691EPSS

CVE•added 2020/04/13 6:15 p.m.•280 views

CVE-2020-6441

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

4.3CVSS4.8AI score0.00527EPSS

CVE•added 2024/12/12 1:40 a.m.•280 views

CVE-2024-12381

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.2AI score0.00374EPSS

CVE•added 2020/04/13 6:15 p.m.•279 views

CVE-2020-6437

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

4.3CVSS5AI score0.00924EPSS

CVE•added 2022/07/27 10:15 p.m.•279 views

CVE-2022-1853

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00228EPSS

CVE•added 2019/05/23 8:29 p.m.•278 views

CVE-2019-5803

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.3AI score0.00323EPSS

CVE•added 2019/06/27 5:15 p.m.•278 views

CVE-2019-5813

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01749EPSS

CVE•added 2019/06/27 5:15 p.m.•278 views

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

4.3CVSS5.1AI score0.00474EPSS

CVE•added 2020/04/13 6:15 p.m.•278 views

CVE-2020-6439

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

8.8CVSS7.7AI score0.00878EPSS

CVE•added 2025/06/03 12:15 a.m.•278 views

CVE-2025-5419

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00851EPSS

CVE•added 2019/05/23 8:29 p.m.•277 views

CVE-2019-5792

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

8.8CVSS8.2AI score0.0065EPSS

CVE•added 2022/07/21 11:15 p.m.•277 views

CVE-2022-0972

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00081EPSS

CVE•added 2023/10/11 11:15 p.m.•277 views

CVE-2023-5477

Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)

4.3CVSS5AI score0.00023EPSS

CVE•added 2019/06/27 5:15 p.m.•276 views

CVE-2019-5820

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01514EPSS

CVE•added 2020/04/13 6:15 p.m.•276 views

CVE-2020-6440

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00695EPSS

CVE•added 2020/07/22 5:15 p.m.•276 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.7AI score0.0087EPSS

CVE•added 2022/07/26 10:15 p.m.•276 views

CVE-2022-1478

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00419EPSS

CVE•added 2022/07/28 1:15 a.m.•276 views

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00505EPSS

CVE•added 2023/08/03 1:15 a.m.•276 views

CVE-2023-4074

Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00437EPSS

CVE•added 2024/04/17 8:15 a.m.•276 views

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.4AI score0.00049EPSS

Total number of security vulnerabilities3596