Chrome@* Security Vulnerabilities and Issues — Page 7 of Chrome@* CVE List

Lucene search

GoogleChrome*

3615 matches found

CVE•added 2014/09/25 5:55 p.m.•289 views

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1...

7.5CVSS5.3AI score0.41418EPSS

CVE•added 2020/04/13 6:15 p.m.•289 views

CVE-2020-6451

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00795EPSS

CVE•added 2024/06/11 9:15 p.m.•289 views

CVE-2024-5842

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7AI score0.00301EPSS

CVE•added 2024/06/11 9:15 p.m.•289 views

CVE-2024-5847

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00256EPSS

CVE•added 2024/06/24 10:15 p.m.•289 views

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00246EPSS

CVE•added 2024/09/11 2:15 p.m.•289 views

CVE-2024-8639

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00207EPSS

CVE•added 2025/05/05 6:15 p.m.•289 views

CVE-2025-4052

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.9AI score0.00061EPSS

CVE•added 2019/06/27 5:15 p.m.•288 views

CVE-2019-5828

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.1AI score0.01749EPSS

CVE•added 2023/01/10 8:15 p.m.•288 views

CVE-2023-0131

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS5.7AI score0.00029EPSS

CVE•added 2024/06/11 9:15 p.m.•288 views

CVE-2024-5835

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.4AI score0.00075EPSS

CVE•added 2019/06/27 5:15 p.m.•287 views

CVE-2019-5809

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

8.8CVSS8.6AI score0.01514EPSS

CVE•added 2024/06/11 9:15 p.m.•287 views

CVE-2024-5841

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.3AI score0.00256EPSS

CVE•added 2019/06/27 5:15 p.m.•286 views

CVE-2019-5824

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01655EPSS

CVE•added 2020/04/13 6:15 p.m.•286 views

CVE-2020-6438

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00691EPSS

CVE•added 2020/04/13 6:15 p.m.•286 views

CVE-2020-6441

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

4.3CVSS4.8AI score0.00527EPSS

CVE•added 2024/06/11 9:15 p.m.•286 views

CVE-2024-5837

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00196EPSS

CVE•added 2024/08/28 11:15 p.m.•286 views

CVE-2024-8194

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00141EPSS

CVE•added 2019/05/23 8:29 p.m.•285 views

CVE-2019-5803

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.3AI score0.00323EPSS

CVE•added 2019/06/27 5:15 p.m.•285 views

CVE-2019-5818

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.

6.5CVSS6.2AI score0.01057EPSS

CVE•added 2024/09/17 9:15 p.m.•285 views

CVE-2024-8906

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00138EPSS

CVE•added 2019/12/10 10:15 p.m.•284 views

CVE-2019-13753

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.02219EPSS

CVE•added 2019/05/23 8:29 p.m.•284 views

CVE-2019-5792

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

8.8CVSS8.2AI score0.0065EPSS

CVE•added 2019/06/27 5:15 p.m.•284 views

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

4.3CVSS5.1AI score0.00474EPSS

CVE•added 2020/04/13 6:15 p.m.•284 views

CVE-2020-6437

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

4.3CVSS5AI score0.00924EPSS

CVE•added 2020/04/13 6:15 p.m.•283 views

CVE-2020-6439

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

8.8CVSS7.7AI score0.00878EPSS

CVE•added 2020/07/22 5:15 p.m.•283 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.7AI score0.0087EPSS

CVE•added 2023/10/11 11:15 p.m.•283 views

CVE-2023-5479

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.4AI score0.00033EPSS

CVE•added 2024/11/12 9:15 p.m.•283 views

CVE-2024-11115

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)

8.8CVSS6.6AI score0.0022EPSS

CVE•added 2024/09/11 2:15 p.m.•283 views

CVE-2024-8638

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00147EPSS

CVE•added 2024/09/17 9:15 p.m.•283 views

CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.9AI score0.00103EPSS

CVE•added 2019/05/23 8:29 p.m.•282 views

CVE-2019-5799

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.4AI score0.00238EPSS

CVE•added 2019/06/27 5:15 p.m.•282 views

CVE-2019-5813

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01749EPSS

CVE•added 2022/07/27 10:15 p.m.•282 views

CVE-2022-1853

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00698EPSS

CVE•added 2020/04/13 6:15 p.m.•281 views

CVE-2020-6440

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00695EPSS

CVE•added 2019/06/27 5:15 p.m.•280 views

CVE-2019-5820

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01514EPSS

CVE•added 2022/07/28 1:15 a.m.•280 views

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.00611EPSS

CVE•added 2019/11/25 3:15 p.m.•279 views

CVE-2019-13685

Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00356EPSS

CVE•added 2020/05/21 4:15 a.m.•279 views

CVE-2020-6479

Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.00817EPSS

CVE•added 2022/07/21 11:15 p.m.•279 views

CVE-2022-0972

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00118EPSS

CVE•added 2022/07/26 10:15 p.m.•279 views

CVE-2022-1478

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01116EPSS

CVE•added 2024/12/12 1:40 a.m.•279 views

CVE-2024-12382

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00449EPSS

CVE•added 2024/07/16 10:15 p.m.•279 views

CVE-2024-6779

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.2AI score0.00341EPSS

CVE•added 2020/04/13 6:15 p.m.•278 views

CVE-2020-6456

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.

6.5CVSS6.4AI score0.00612EPSS

CVE•added 2020/05/21 4:15 a.m.•278 views

CVE-2020-6475

Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5CVSS6.5AI score0.01409EPSS

CVE•added 2024/07/16 10:15 p.m.•278 views

CVE-2024-6774

Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00401EPSS

CVE•added 2018/08/28 7:29 p.m.•277 views

CVE-2017-15412

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7AI score0.03249EPSS

CVE•added 2019/06/27 5:15 p.m.•277 views

CVE-2019-5834

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.3AI score0.00442EPSS

CVE•added 2020/02/27 11:15 p.m.•277 views

CVE-2020-6407

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.00952EPSS

CVE•added 2020/06/03 11:15 p.m.•277 views

CVE-2020-6493

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.03614EPSS

CVE•added 2024/06/11 9:15 p.m.•277 views

CVE-2024-5843

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

8.8CVSS6.6AI score0.00063EPSS

Total number of security vulnerabilities3615