Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 102 of 199
CVE-2019-13668 | HIGH | CVSS 7.4 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
CWE-281: Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-5865 | MEDIUM | CVSS 6.5 | fixed in 76.0.3809.87 | ≥ unspecified, < 76.0.3809.87 | 2019-11-25
CWE-862: Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2019-13670 | MEDIUM | CVSS 6.5 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
CWE-787: Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13711 | MEDIUM | CVSS 5.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-13691 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13707 | MEDIUM | CVSS 5.5 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
CWE-20: Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
nvd
CVE-2019-13667 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-5869 | MEDIUM | CVSS 6.5 | fixed in 76.0.3809.132 | ≥ unspecified, < 76.0.3809.132 | 2019-11-25
CWE-416: Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13715 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
CWE-290: Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-13659 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-13708 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
CWE-290: Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13665 | MEDIUM | CVSS 6.5 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
CWE-732: Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
nvd
CVE-2019-13718 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-13674 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-13684 | MEDIUM | CVSS 5.3 | fixed in 72.0.3626.81 | ≥ unspecified, < 72.0.3626.81 | 2019-11-25
CWE-203: Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-5873 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-5864 | MEDIUM | CVSS 4.3 | fixed in 76.0.3809.87 | ≥ unspecified, < 76.0.3809.87 | 2019-11-25
CWE-20: Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
nvd
CVE-2019-5860 | MEDIUM | CVSS 5.5 | fixed in 76.0.3809.87 | ≥ unspecified, < 76.0.3809.87 | 2019-11-25
CWE-416: Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-5868 | MEDIUM | CVSS 5.5 | fixed in 76.0.3809.100 | ≥ unspecified, < 76.0.3809.100 | 2019-11-25
CWE-416: Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-13683 | MEDIUM | CVSS 6.5 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
CWE-755: Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd