Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2019-13746 | MEDIUM | CVSS 6.5 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13762 | LOW | CVSS 3.3 | CWE-667 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
nvd
CVE-2019-5870 | CRITICAL | CVSS 9.6 | CWE-416 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2019-5850 | CRITICAL | CVSS 9.6 | CWE-416 | fixed in 76.0.3809.87 | ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2019-5866 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 75.0.3770.142 | ≥ unspecified, < 75.0.3770.142 | 2019-11-25
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5849 | HIGH | CVSS 8.1 | CWE-125 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-11-25
Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-5876 | HIGH | CVSS 8.8 | CWE-416 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13724 | HIGH | CVSS 8.8 | CWE-787 | fixed in 78.0.3904.108 | ≥ unspecified, < 78.0.3904.108 | 2019-11-25
Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13720 | HIGH | CVSS 8.8 | KEV | PoC | CWE-416 | fixed in 78.0.3904.87 | ≥ unspecified, < 78.0.3904.87 | 2019-11-25
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5856 | HIGH | CVSS 8.8 | CWE-20 | fixed in 76.0.3809.87 | ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2019-13694 | HIGH | CVSS 8.8 | CWE-416 | fixed in 77.0.3865.120 | ≥ unspecified, < 77.0.3865.120 | 2019-11-25
Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13692 | HIGH | CVSS 8.8 | CWE-20 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2019-13721 | HIGH | CVSS 8.8 | CWE-416 | fixed in 78.0.3904.87 | ≥ unspecified, < 78.0.3904.87 | 2019-11-25
Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13698 | HIGH | CVSS 8.8 | CWE-787 | fixed in 73.0.3683.103 | ≥ unspecified, < 73.0.3683.103 | 2019-11-25
Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5853 | HIGH | CVSS 8.8 | CWE-682 | fixed in 76.0.3809.87 | ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5878 | HIGH | CVSS 8.8 | CWE-416 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13682 | HIGH | CVSS 8.8 | CWE-281 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2019-13687 | HIGH | CVSS 8.8 | CWE-416 | fixed in 77.0.3865.90 | ≥ unspecified, < 77.0.3865.90 | 2019-11-25
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13702 | HIGH | CVSS 7.8 | CWE-269 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
nvd
CVE-2019-13666 | HIGH | CVSS 7.4 | CWE-203 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd