Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

354 matches found

CVE•added 2021/06/15 10:15 p.m.•1301 views

CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.78065EPSS

CVE•added 2021/08/03 7:15 p.m.•1280 views

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.08751EPSS

CVE•added 2021/01/08 7:15 p.m.•1269 views

CVE-2020-16012

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS5.5AI score0.03181EPSS

CVE•added 2021/04/26 5:15 p.m.•1266 views

CVE-2021-21224

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.9AI score0.66739EPSS

CVE•added 2021/07/02 7:15 p.m.•1224 views

CVE-2021-30554

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.24629EPSS

CVE•added 2021/04/26 5:15 p.m.•1217 views

CVE-2021-21220

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.92805EPSS

CVE•added 2021/02/09 4:15 p.m.•1211 views

CVE-2021-21148

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.50292EPSS

CVE•added 2021/04/26 5:15 p.m.•1189 views

CVE-2021-21206

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.12795EPSS

CVE•added 2021/03/16 3:15 p.m.•1171 views

CVE-2021-21193

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.12582EPSS

CVE•added 2021/03/09 6:15 p.m.•1160 views

CVE-2021-21166

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.41931EPSS

CVE•added 2021/10/08 9:15 p.m.•1151 views

CVE-2021-30632

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.84245EPSS

CVE•added 2021/10/08 10:15 p.m.•1125 views

CVE-2021-37973

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.5AI score0.19205EPSS

CVE•added 2021/11/23 10:15 p.m.•1099 views

CVE-2021-38003

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.764EPSS

CVE•added 2021/10/08 10:15 p.m.•1091 views

CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.2AI score0.64007EPSS

CVE•added 2021/10/08 10:15 p.m.•1078 views

CVE-2021-37976

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.5AI score0.11445EPSS

CVE•added 2021/11/23 10:15 p.m.•1071 views

CVE-2021-38000

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

6.1CVSS6.6AI score0.03083EPSS

CVE•added 2021/10/08 9:15 p.m.•1068 views

CVE-2021-30633

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9.2AI score0.46777EPSS

CVE•added 2021/01/08 7:15 p.m.•1038 views

CVE-2020-16013

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.6CVSS8.6AI score0.25713EPSS

CVE•added 2021/01/08 7:15 p.m.•1018 views

CVE-2020-16017

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9AI score0.2193EPSS

CVE•added 2021/01/14 9:15 p.m.•1000 views

CVE-2020-6572

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

9.3CVSS8.7AI score0.2036EPSS

CVE•added 2021/06/15 10:15 p.m.•918 views

CVE-2021-30547

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS5.9AI score0.00641EPSS

CVE•added 2021/06/07 8:15 p.m.•915 views

CVE-2021-30533

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

6.5CVSS6.5AI score0.05226EPSS

CVE•added 2021/02/22 10:15 p.m.•814 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01551EPSS

CVE•added 2021/02/09 2:15 p.m.•434 views

CVE-2020-16044

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

8.8CVSS9.1AI score0.00379EPSS

CVE•added 2021/04/30 9:15 p.m.•423 views

CVE-2021-21230

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.03608EPSS

CVE•added 2021/08/03 7:15 p.m.•361 views

CVE-2021-30560

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00092EPSS

CVE•added 2021/06/04 6:15 p.m.•337 views

CVE-2021-30513

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01087EPSS

CVE•added 2021/08/03 8:15 p.m.•335 views

CVE-2021-30588

Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.00597EPSS

CVE•added 2021/06/04 6:15 p.m.•327 views

CVE-2021-30517

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.14196EPSS

CVE•added 2021/08/03 7:15 p.m.•312 views

CVE-2021-30561

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01211EPSS

CVE•added 2021/01/08 7:15 p.m.•272 views

CVE-2020-16042

Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.7AI score0.00396EPSS

CVE•added 2021/01/08 7:15 p.m.•268 views

CVE-2020-16027

Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.

6.5CVSS6.5AI score0.00129EPSS

CVE•added 2021/06/07 8:15 p.m.•267 views

CVE-2021-30535

Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.00594EPSS

CVE•added 2021/07/02 7:15 p.m.•250 views

CVE-2021-30557

Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00921EPSS

CVE•added 2021/04/30 9:15 p.m.•249 views

CVE-2021-21227

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.03176EPSS

CVE•added 2021/06/15 10:15 p.m.•249 views

CVE-2021-30544

Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00342EPSS

CVE•added 2021/07/02 7:15 p.m.•246 views

CVE-2021-30555

Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.

8.8CVSS8.8AI score0.00287EPSS

CVE•added 2021/03/16 3:15 p.m.•243 views

CVE-2021-21191

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00987EPSS

CVE•added 2021/06/04 6:15 p.m.•241 views

CVE-2021-30510

Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00605EPSS

CVE•added 2021/04/30 9:15 p.m.•238 views

CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01953EPSS

CVE•added 2021/07/02 7:15 p.m.•233 views

CVE-2021-30556

Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00611EPSS

CVE•added 2021/08/03 8:15 p.m.•233 views

CVE-2021-30565

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

8.8CVSS8.4AI score0.00208EPSS

CVE•added 2021/04/09 10:15 p.m.•231 views

CVE-2021-21199

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00668EPSS

CVE•added 2021/06/15 10:15 p.m.•231 views

CVE-2021-30553

Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00609EPSS

CVE•added 2021/02/22 10:15 p.m.•230 views

CVE-2021-21156

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.

8.8CVSS8.9AI score0.01604EPSS

CVE•added 2021/04/09 10:15 p.m.•230 views

CVE-2021-21194

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00587EPSS

CVE•added 2021/06/04 6:15 p.m.•230 views

CVE-2021-30512

Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.00605EPSS

CVE•added 2021/06/04 6:15 p.m.•230 views

CVE-2021-30518

Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.00875EPSS

CVE•added 2021/04/09 10:15 p.m.•229 views

CVE-2021-21195

Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.001EPSS

CVE•added 2021/04/30 9:15 p.m.•229 views

CVE-2021-21233

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.02329EPSS

Total number of security vulnerabilities354