Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

234 matches found

CVE•added 2024/02/21 4:15 a.m.•6247 views

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS4.7AI score0.00186EPSS

CVE•added 2020/11/03 3:15 a.m.•2047 views

CVE-2020-15999

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.6CVSS7.1AI score0.93154EPSS

In wild

CVE•added 2022/09/26 4:15 p.m.•1168 views

CVE-2022-3075

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.9AI score0.02037EPSS

In wild

CVE•added 2021/10/08 10:15 p.m.•1160 views

CVE-2021-37973

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.5AI score0.19205EPSS

In wild

CVE•added 2022/11/25 1:15 a.m.•1148 views

CVE-2022-4135

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS9.3AI score0.00099EPSS

In wild

CVE•added 2021/10/08 9:15 p.m.•1100 views

CVE-2021-30633

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.46777EPSS

In wild

CVE•added 2011/03/15 5:55 p.m.•1079 views

CVE-2011-0609

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windo...

9.3CVSS8.9AI score0.92398EPSS

In wild

CVE•added 2021/01/14 9:15 p.m.•1032 views

CVE-2020-6572

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

9.3CVSS8.7AI score0.17943EPSS

In wild

CVE•added 2021/01/08 7:15 p.m.•1021 views

CVE-2020-16017

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9AI score0.17653EPSS

In wild

CVE•added 2011/04/13 2:55 p.m.•1007 views

CVE-2011-0611

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x be...

9.3CVSS8.8AI score0.93698EPSS

In wild

CVE•added 2016/03/29 10:59 a.m.•1007 views

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted ...

9.3CVSS8.7AI score0.71722EPSS

In wild

CVE•added 2023/04/19 4:15 a.m.•983 views

CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS8.2AI score0.00392EPSS

In wild

CVE•added 2024/05/14 3:44 p.m.•709 views

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.3AI score0.00096EPSS

In wild

CVE•added 2024/05/01 1:15 p.m.•641 views

CVE-2024-4058

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

9CVSS8.4AI score0.0582EPSS

CVE•added 2024/05/28 3:15 p.m.•528 views

CVE-2024-5274

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.9AI score0.03229EPSS

In wild

CVE•added 2024/05/15 9:15 p.m.•465 views

CVE-2024-4947

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.9AI score0.00181EPSS

In wild

CVE•added 2023/11/29 12:15 p.m.•411 views

CVE-2023-6345

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

9.6CVSS9.2AI score0.00552EPSS

In wild

CVE•added 2020/05/21 4:15 a.m.•390 views

CVE-2020-6457

Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01068EPSS

In wild

CVE•added 2024/08/21 9:15 p.m.•380 views

CVE-2024-7971

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.8AI score0.00351EPSS

In wild

CVE•added 2019/05/23 8:29 p.m.•328 views

CVE-2019-5789

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.5AI score0.39945EPSS

CVE•added 2019/05/23 8:29 p.m.•322 views

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.4AI score0.465EPSS

CVE•added 2024/04/17 8:15 a.m.•321 views

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.4AI score0.00067EPSS

CVE•added 2022/07/28 1:15 a.m.•303 views

CVE-2022-2010

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.3CVSS8.7AI score0.00509EPSS

CVE•added 2024/04/17 8:15 a.m.•303 views

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.4AI score0.00144EPSS

CVE•added 2020/07/22 5:15 p.m.•294 views

CVE-2020-6524

Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.9AI score0.03228EPSS

CVE•added 2019/05/23 8:29 p.m.•293 views

CVE-2019-5787

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.4AI score0.01576EPSS

CVE•added 2024/05/15 9:15 p.m.•289 views

CVE-2024-4949

Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

9.6CVSS6.5AI score0.00188EPSS

CVE•added 2025/05/05 6:15 p.m.•283 views

CVE-2025-4052

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.9AI score0.00061EPSS

CVE•added 2022/07/27 10:15 p.m.•282 views

CVE-2022-1853

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00698EPSS

CVE•added 2020/06/03 11:15 p.m.•276 views

CVE-2020-6493

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.03614EPSS

CVE•added 2019/11/25 3:15 p.m.•272 views

CVE-2019-5870

Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00356EPSS

CVE•added 2024/07/16 10:15 p.m.•272 views

CVE-2024-6779

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.2AI score0.00341EPSS

CVE•added 2020/05/21 4:15 a.m.•268 views

CVE-2020-6469

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6CVSS8.7AI score0.00702EPSS

CVE•added 2020/05/21 4:15 a.m.•265 views

CVE-2020-6465

Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.1AI score0.01485EPSS

CVE•added 2020/07/22 5:15 p.m.•263 views

CVE-2020-6523

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.7AI score0.0307EPSS

CVE•added 2020/07/22 5:15 p.m.•262 views

CVE-2020-6505

Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00621EPSS

CVE•added 2020/05/21 4:15 a.m.•259 views

CVE-2020-6471

9.6CVSS8.7AI score0.00856EPSS

CVE•added 2020/05/21 4:15 a.m.•257 views

CVE-2020-6461

Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.0109EPSS

CVE•added 2020/05/21 4:15 a.m.•257 views

CVE-2020-6462

Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.00594EPSS

CVE•added 2020/07/22 5:15 p.m.•255 views

CVE-2020-6512

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.6AI score0.04245EPSS

CVE•added 2023/03/21 9:15 p.m.•250 views

CVE-2023-1529

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)

9.8CVSS9.2AI score0.00279EPSS

CVE•added 2025/08/22 9:15 p.m.•241 views

CVE-2025-4609

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

9.6CVSS5.8AI score0.00088EPSS

CVE•added 2022/04/05 1:15 a.m.•240 views

CVE-2022-0790

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.9AI score0.00894EPSS

CVE•added 2022/07/25 2:15 p.m.•232 views

CVE-2022-1309

Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS8.7AI score0.0054EPSS

CVE•added 2019/02/19 5:29 p.m.•230 views

CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS6AI score0.01655EPSS

CVE•added 2021/02/09 2:15 p.m.•219 views

CVE-2021-21132

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6CVSS8.7AI score0.15757EPSS

CVE•added 2021/02/22 10:15 p.m.•216 views

CVE-2021-21150

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.3AI score0.00779EPSS

CVE•added 2022/07/25 2:15 p.m.•213 views

CVE-2022-1312

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6CVSS9.2AI score0.00233EPSS

CVE•added 2021/04/26 5:15 p.m.•211 views

CVE-2021-21201

Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.01055EPSS

CVE•added 2020/09/21 8:15 p.m.•209 views

CVE-2020-15963

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6CVSS8.7AI score0.01511EPSS

Total number of security vulnerabilities234