Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

35 matches found

CVE•added 2021/03/16 3:15 p.m.•1197 views

CVE-2021-21193

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.12582EPSS

CVE•added 2021/03/09 6:15 p.m.•1188 views

CVE-2021-21166

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.41931EPSS

CVE•added 2021/03/16 3:15 p.m.•244 views

CVE-2021-21191

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00987EPSS

CVE•added 2021/03/09 6:15 p.m.•210 views

CVE-2021-21172

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

8.1CVSS7.4AI score0.00419EPSS

CVE•added 2021/03/16 3:15 p.m.•206 views

CVE-2021-21192

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01464EPSS

CVE•added 2021/03/09 6:15 p.m.•198 views

CVE-2021-21188

Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01282EPSS

CVE•added 2021/03/09 6:15 p.m.•193 views

CVE-2021-21160

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.02306EPSS

CVE•added 2021/03/09 6:15 p.m.•193 views

CVE-2021-21183

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS4.8AI score0.00593EPSS

CVE•added 2021/03/09 6:15 p.m.•192 views

CVE-2021-21159

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01688EPSS

CVE•added 2021/03/09 6:15 p.m.•190 views

CVE-2021-21185

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00607EPSS

CVE•added 2021/03/09 6:15 p.m.•190 views

CVE-2021-21190

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

8.8CVSS7.6AI score0.01249EPSS

CVE•added 2021/03/09 6:15 p.m.•189 views

CVE-2021-21161

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01688EPSS

CVE•added 2021/03/09 6:15 p.m.•188 views

CVE-2021-21171

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.2AI score0.00973EPSS

CVE•added 2021/03/09 6:15 p.m.•186 views

CVE-2021-21162

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01441EPSS

CVE•added 2021/03/09 6:15 p.m.•186 views

CVE-2021-21163

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.

6.5CVSS6.2AI score0.00575EPSS

CVE•added 2021/03/09 6:15 p.m.•185 views

CVE-2021-21164

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.1AI score0.00408EPSS

CVE•added 2021/03/09 6:15 p.m.•183 views

CVE-2021-21176

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.1AI score0.00973EPSS

CVE•added 2021/03/09 6:15 p.m.•183 views

CVE-2021-21187

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5AI score0.00926EPSS

CVE•added 2021/03/09 6:15 p.m.•183 views

CVE-2021-21189

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00616EPSS

CVE•added 2021/03/09 6:15 p.m.•182 views

CVE-2021-21181

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.01357EPSS

CVE•added 2021/03/09 6:15 p.m.•182 views

CVE-2021-21182

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.3AI score0.0034EPSS

CVE•added 2021/03/09 6:15 p.m.•181 views

CVE-2021-21167

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01282EPSS

CVE•added 2021/03/09 6:15 p.m.•181 views

CVE-2021-21174

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

8.8CVSS7.7AI score0.00589EPSS

CVE•added 2021/03/09 6:15 p.m.•181 views

CVE-2021-21177

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.01391EPSS

CVE•added 2021/03/09 6:15 p.m.•181 views

CVE-2021-21179

Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01282EPSS

CVE•added 2021/03/09 6:15 p.m.•181 views

CVE-2021-21184

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS4.8AI score0.00593EPSS

CVE•added 2021/03/09 6:15 p.m.•181 views

CVE-2021-21186

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.

4.3CVSS5.2AI score0.00319EPSS

CVE•added 2021/03/09 6:15 p.m.•180 views

CVE-2021-21168

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.01357EPSS

CVE•added 2021/03/09 6:15 p.m.•179 views

CVE-2021-21175

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00711EPSS

CVE•added 2021/03/09 6:15 p.m.•178 views

CVE-2021-21165

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01348EPSS

CVE•added 2021/03/09 6:15 p.m.•178 views

CVE-2021-21180

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01282EPSS

CVE•added 2021/03/09 6:15 p.m.•176 views

CVE-2021-21170

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.2AI score0.00973EPSS

CVE•added 2021/03/09 6:15 p.m.•175 views

CVE-2021-21178

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.2AI score0.00973EPSS

CVE•added 2021/03/09 6:15 p.m.•172 views

CVE-2021-21169

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8AI score0.01282EPSS

CVE•added 2021/03/09 6:15 p.m.•172 views

CVE-2021-21173

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01156EPSS