Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

46 matches found

CVE•added 2024/08/21 9:15 p.m.•345 views

CVE-2024-7971

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.8AI score0.00296EPSS

CVE•added 2024/08/21 9:15 p.m.•339 views

CVE-2024-7976

Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00116EPSS

CVE•added 2024/08/21 9:15 p.m.•336 views

CVE-2024-8035

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00082EPSS

CVE•added 2024/08/21 9:15 p.m.•333 views

CVE-2024-7978

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6AI score0.00083EPSS

CVE•added 2024/08/21 9:15 p.m.•333 views

CVE-2024-8033

Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00098EPSS

CVE•added 2024/08/21 9:15 p.m.•331 views

CVE-2024-7975

Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00117EPSS

CVE•added 2024/08/21 9:15 p.m.•318 views

CVE-2024-7965

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.09732EPSS

CVE•added 2024/08/01 6:15 p.m.•283 views

CVE-2024-6990

Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.3AI score0.00267EPSS

CVE•added 2024/08/21 9:15 p.m.•254 views

CVE-2024-7969

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.5AI score0.0019EPSS

CVE•added 2024/08/01 6:15 p.m.•252 views

CVE-2024-7255

Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.2AI score0.00195EPSS

CVE•added 2024/08/01 6:15 p.m.•250 views

CVE-2024-7256

Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.0031EPSS

CVE•added 2024/08/06 9:16 p.m.•250 views

CVE-2024-7535

Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00222EPSS

CVE•added 2024/08/28 11:15 p.m.•247 views

CVE-2024-8198

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00246EPSS

CVE•added 2024/08/28 11:15 p.m.•245 views

CVE-2024-8194

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00141EPSS

CVE•added 2024/08/06 9:16 p.m.•237 views

CVE-2024-7550

Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00222EPSS

CVE•added 2024/08/06 9:16 p.m.•235 views

CVE-2024-7532

Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

8.8CVSS6.8AI score0.0025EPSS

CVE•added 2024/08/21 9:15 p.m.•235 views

CVE-2024-7977

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

7.8CVSS6.5AI score0.00023EPSS

CVE•added 2024/08/21 9:15 p.m.•233 views

CVE-2024-7981

Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00133EPSS

CVE•added 2024/08/21 9:15 p.m.•233 views

CVE-2024-8034

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00137EPSS

CVE•added 2024/08/21 9:15 p.m.•230 views

CVE-2024-7967

Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.00242EPSS

CVE•added 2024/08/28 11:15 p.m.•230 views

CVE-2024-8193

8.8CVSS7.2AI score0.00313EPSS

CVE•added 2024/08/21 9:15 p.m.•229 views

CVE-2024-7968

Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00272EPSS

CVE•added 2024/08/21 9:15 p.m.•228 views

CVE-2024-7979

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)

7.8CVSS6.7AI score0.00011EPSS

CVE•added 2024/08/21 9:15 p.m.•227 views

CVE-2024-7972

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.6AI score0.00216EPSS

CVE•added 2024/08/21 9:15 p.m.•226 views

CVE-2024-7964

Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.00272EPSS

CVE•added 2024/08/21 9:15 p.m.•225 views

CVE-2024-7966

Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00277EPSS

CVE•added 2024/08/21 9:15 p.m.•221 views

CVE-2024-7974

Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

8.8CVSS6.8AI score0.00248EPSS

CVE•added 2024/08/21 9:15 p.m.•221 views

CVE-2024-7980

7.8CVSS6.3AI score0.00011EPSS

CVE•added 2024/08/06 9:16 p.m.•219 views

CVE-2024-7536

Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00205EPSS

CVE•added 2024/08/21 9:15 p.m.•219 views

CVE-2024-7973

Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS6.9AI score0.00238EPSS

CVE•added 2024/08/06 9:16 p.m.•217 views

CVE-2024-7534

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00241EPSS

CVE•added 2024/08/06 4:15 p.m.•91 views

CVE-2024-6988

Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00222EPSS

CVE•added 2024/08/06 4:15 p.m.•89 views

CVE-2024-7004

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)

4.3CVSS6.5AI score0.00048EPSS

CVE•added 2024/08/06 4:15 p.m.•81 views

CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

3.1CVSS6.4AI score0.00086EPSS

CVE•added 2024/08/06 4:15 p.m.•77 views

CVE-2024-7001

Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.0009EPSS

CVE•added 2024/08/06 4:15 p.m.•71 views

CVE-2024-7003

Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00056EPSS

CVE•added 2024/08/06 4:15 p.m.•68 views

CVE-2024-6995

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.1AI score0.00148EPSS

CVE•added 2024/08/06 4:15 p.m.•67 views

CVE-2024-6989

Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00226EPSS

CVE•added 2024/08/06 4:15 p.m.•67 views

CVE-2024-6999

4.3CVSS6.4AI score0.0009EPSS

CVE•added 2024/08/06 4:15 p.m.•64 views

CVE-2024-7005

8.8CVSS6.5AI score0.00043EPSS

CVE•added 2024/08/06 4:15 p.m.•54 views

CVE-2024-6994

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.4AI score0.00241EPSS

CVE•added 2024/08/06 9:16 p.m.•54 views

CVE-2024-7533

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.9AI score0.00222EPSS

CVE•added 2024/08/06 4:15 p.m.•51 views

CVE-2024-6998

Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.2AI score0.00208EPSS

CVE•added 2024/08/06 4:15 p.m.•50 views

CVE-2024-6991

Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00222EPSS

CVE•added 2024/08/06 4:15 p.m.•44 views

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.2AI score0.00208EPSS

CVE•added 2024/08/06 4:15 p.m.•43 views

CVE-2024-6997

Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS7.2AI score0.00208EPSS