Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 101 of 199
CVE-2019-5871HIGHCVSS 8.8fixed in 77.0.3865.75≥ unspecified, < 77.0.3865.752019-11-25
CVE-2019-5871 [HIGH] CWE-787 CVE-2019-5871: Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to pot
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13686HIGHCVSS 8.8fixed in 77.0.3865.90≥ unspecified, < 77.0.3865.902019-11-25
CVE-2019-13686 [HIGH] CWE-416 CVE-2019-13686: Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to p
Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5877HIGHCVSS 8.8fixed in 77.0.3865.75≥ unspecified, < 77.0.3865.752019-11-25
CVE-2019-5877 [HIGH] CWE-787 CVE-2019-5877: Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote at
Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13723HIGHCVSS 8.8fixed in 78.0.3904.108≥ unspecified, < 78.0.3904.1082019-11-25
CVE-2019-13723 [HIGH] CWE-416 CVE-2019-13723: Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5854HIGHCVSS 8.8fixed in 76.0.3809.87≥ unspecified, < 76.0.3809.872019-11-25
CVE-2019-5854 [HIGH] CWE-190 CVE-2019-5854: Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to poten
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-13699HIGHCVSS 8.8fixed in 78.0.3904.70≥ unspecified, < 78.0.3904.702019-11-25
CVE-2019-13699 [HIGH] CWE-416 CVE-2019-13699: Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had com
Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13696HIGHCVSS 8.8fixed in 77.0.3865.120≥ unspecified, < 77.0.3865.1202019-11-25
CVE-2019-13696 [HIGH] CWE-416 CVE-2019-13696: Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to po
Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13700HIGHCVSS 8.8fixed in 78.0.3904.70≥ unspecified, < 78.0.3904.702019-11-25
CVE-2019-13700 [HIGH] CWE-787 CVE-2019-13700: Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remo
Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5858HIGHCVSS 8.8fixed in 76.0.3809.87≥ unspecified, < 76.0.3809.872019-11-25
CVE-2019-5858 [HIGH] CWE-20 CVE-2019-5858: Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 a
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
nvd
CVE-2019-13695HIGHCVSS 8.8fixed in 77.0.3865.120≥ unspecified, < 77.0.3865.1202019-11-25
CVE-2019-13695 [HIGH] CWE-416 CVE-2019-13695: Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker
Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5859HIGHCVSS 8.8fixed in 76.0.3809.87≥ unspecified, < 76.0.3809.872019-11-25
CVE-2019-5859 [HIGH] CVE-2019-5859: Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a re
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2019-13693HIGHCVSS 8.8fixed in 77.0.3865.120≥ unspecified, < 77.0.3865.1202019-11-25
CVE-2019-13693 [HIGH] CWE-416 CVE-2019-13693: Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who ha
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
nvd
CVE-2019-5851HIGHCVSS 8.8fixed in 76.0.3809.87≥ unspecified, < 76.0.3809.872019-11-25
CVE-2019-5851 [HIGH] CWE-416 CVE-2019-5851: Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to poten
Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5880HIGHCVSS 7.4fixed in 77.0.3865.75≥ unspecified, < 77.0.3865.752019-11-25
CVE-2019-5880 [HIGH] CWE-200 CVE-2019-5880: Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote att
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-13673HIGHCVSS 7.4fixed in 77.0.3865.75≥ unspecified, < 77.0.3865.752019-11-25
CVE-2019-13673 [HIGH] CWE-862 CVE-2019-13673: Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a rem
Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-13685HIGHCVSS 8.8fixed in 77.0.3865.90≥ unspecified, < 77.0.3865.902019-11-25
CVE-2019-13685 [HIGH] CWE-416 CVE-2019-13685: Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to p
Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5874HIGHCVSS 8.8fixed in 77.0.3865.75≥ unspecified, < 77.0.3865.752019-11-25
CVE-2019-5874 [HIGH] CVE-2019-5874: Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a re
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2019-5881HIGHCVSS 8.1fixed in 77.0.3865.75≥ unspecified, < 77.0.3865.752019-11-25
CVE-2019-5881 [HIGH] CWE-125 CVE-2019-5881: Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker t
Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-13688HIGHCVSS 8.8fixed in 77.0.3865.90≥ unspecified, < 77.0.3865.902019-11-25
CVE-2019-13688 [HIGH] CWE-416 CVE-2019-13688: Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentia
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13706HIGHCVSS 7.8fixed in 78.0.3904.70≥ unspecified, < 78.0.3904.702019-11-25
CVE-2019-13706 [HIGH] CWE-787 CVE-2019-13706: Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attack
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd