Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

31 matches found

CVE•added 2023/05/30 10:15 p.m.•435 views

CVE-2023-2940

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.4AI score0.00022EPSS

CVE•added 2023/05/30 10:15 p.m.•365 views

CVE-2023-2941

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS5AI score0.00083EPSS

CVE•added 2023/05/30 10:15 p.m.•308 views

CVE-2023-2937

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2023/05/30 10:15 p.m.•289 views

CVE-2023-2938

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2023/05/30 10:15 p.m.•284 views

CVE-2023-2939

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)

7.8CVSS7.6AI score0.00021EPSS

CVE•added 2023/05/03 12:15 a.m.•153 views

CVE-2023-2466

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.7AI score0.00163EPSS

CVE•added 2023/05/16 7:15 p.m.•152 views

CVE-2023-2721

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS8.8AI score0.00245EPSS

CVE•added 2023/05/30 10:15 p.m.•148 views

CVE-2023-2936

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.07628EPSS

CVE•added 2023/05/16 7:15 p.m.•146 views

CVE-2023-2725

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.05529EPSS

CVE•added 2023/05/30 10:15 p.m.•143 views

CVE-2023-2929

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00535EPSS

CVE•added 2023/05/16 7:15 p.m.•140 views

CVE-2023-2724

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.10332EPSS

CVE•added 2023/05/03 12:15 a.m.•135 views

CVE-2023-2460

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

7.1CVSS6.7AI score0.00023EPSS

CVE•added 2023/05/16 7:15 p.m.•135 views

CVE-2023-2723

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.14058EPSS

CVE•added 2023/05/30 10:15 p.m.•132 views

CVE-2023-2935

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.06733EPSS

CVE•added 2023/05/16 7:15 p.m.•131 views

CVE-2023-2722

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.00258EPSS

CVE•added 2023/05/30 10:15 p.m.•129 views

CVE-2023-2932

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

8.8CVSS8.8AI score0.0039EPSS

CVE•added 2023/05/03 12:15 a.m.•126 views

CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.0002EPSS

CVE•added 2023/05/16 7:15 p.m.•126 views

CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.8AI score0.0002EPSS

CVE•added 2023/05/30 10:15 p.m.•124 views

CVE-2023-2930

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00127EPSS

CVE•added 2023/05/30 10:15 p.m.•123 views

CVE-2023-2934

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.00725EPSS

CVE•added 2023/05/30 10:15 p.m.•122 views

CVE-2023-2931

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

8.8CVSS8.8AI score0.0039EPSS

CVE•added 2023/05/30 10:15 p.m.•121 views

CVE-2023-2933

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

8.8CVSS8.8AI score0.0039EPSS

CVE•added 2023/05/03 12:15 a.m.•119 views

CVE-2023-2467

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.8AI score0.00017EPSS

CVE•added 2023/05/03 12:15 a.m.•117 views

CVE-2023-2468

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00163EPSS

CVE•added 2023/05/03 12:15 a.m.•116 views

CVE-2023-2465

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.8AI score0.00139EPSS

CVE•added 2023/05/03 12:15 a.m.•109 views

CVE-2023-2464

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS5AI score0.00126EPSS

CVE•added 2023/05/03 12:15 a.m.•105 views

CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

8.8CVSS8.9AI score0.00443EPSS

CVE•added 2023/05/03 12:15 a.m.•98 views

CVE-2023-2462

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.9AI score0.00163EPSS

CVE•added 2023/05/03 12:15 a.m.•93 views

CVE-2023-2463

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.7AI score0.00163EPSS

CVE•added 2023/05/12 6:15 p.m.•68 views

CVE-2023-2457

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)

8.8CVSS8.8AI score0.00217EPSS

CVE•added 2023/05/12 6:15 p.m.•65 views

CVE-2023-2458

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

8.8CVSS9.1AI score0.00217EPSS