Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

26 matches found

CVE•added 2024/09/17 9:15 p.m.•411 views

CVE-2024-8907

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)

6.1CVSS6AI score0.00166EPSS

CVE•added 2024/09/03 11:15 p.m.•328 views

CVE-2024-8362

Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00142EPSS

CVE•added 2024/09/17 9:15 p.m.•323 views

CVE-2024-8904

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00167EPSS

CVE•added 2024/09/03 11:15 p.m.•304 views

CVE-2024-7970

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00154EPSS

CVE•added 2024/09/11 2:15 p.m.•278 views

CVE-2024-8636

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00185EPSS

CVE•added 2024/09/17 9:15 p.m.•274 views

CVE-2024-8905

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.5AI score0.00167EPSS

CVE•added 2024/09/11 2:15 p.m.•270 views

CVE-2024-8639

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00207EPSS

CVE•added 2024/09/17 9:15 p.m.•267 views

CVE-2024-8906

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00138EPSS

CVE•added 2024/09/17 9:15 p.m.•264 views

CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.9AI score0.00103EPSS

CVE•added 2024/09/11 2:15 p.m.•263 views

CVE-2024-8638

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00147EPSS

CVE•added 2024/09/11 2:15 p.m.•254 views

CVE-2024-8637

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7AI score0.00147EPSS

CVE•added 2024/09/17 9:15 p.m.•248 views

CVE-2024-8908

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.2AI score0.00097EPSS

CVE•added 2024/09/25 1:15 a.m.•127 views

CVE-2024-9120

Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00146EPSS

CVE•added 2024/09/25 1:15 a.m.•106 views

CVE-2024-9121

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.0013EPSS

CVE•added 2024/09/25 1:15 a.m.•102 views

CVE-2024-9122

Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00828EPSS

CVE•added 2024/09/25 1:15 a.m.•92 views

CVE-2024-9123

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.7AI score0.00104EPSS

CVE•added 2024/09/23 10:15 p.m.•66 views

CVE-2018-20072

Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)

7.8CVSS6.8AI score0.00019EPSS

CVE•added 2024/09/23 11:15 p.m.•54 views

CVE-2024-7023

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

8.8CVSS6.7AI score0.00055EPSS

CVE•added 2024/09/23 11:15 p.m.•54 views

CVE-2024-7024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

9.6CVSS6.5AI score0.00085EPSS

CVE•added 2024/09/23 10:15 p.m.•49 views

CVE-2024-7022

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS6.7AI score0.0016EPSS

CVE•added 2024/09/23 10:15 p.m.•46 views

CVE-2021-38023

Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.3AI score0.00161EPSS

CVE•added 2024/09/23 10:15 p.m.•46 views

CVE-2024-7019

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00055EPSS

CVE•added 2024/09/23 10:15 p.m.•44 views

CVE-2023-7282

Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00048EPSS

CVE•added 2024/09/23 10:15 p.m.•42 views

CVE-2024-7020

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00055EPSS

CVE•added 2024/09/23 10:15 p.m.•41 views

CVE-2024-7018

Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

8.8CVSS7.5AI score0.00073EPSS

CVE•added 2024/09/23 10:15 p.m.•38 views

CVE-2023-7281

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00048EPSS