Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 103 of 199
CVE-2019-5847 | MEDIUM | CVSS 6.5 | fixed in 75.0.3770.142 | ≥ unspecified, < 75.0.3770.142 | 2019-11-25
[CWE-787] Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13661 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
nvd
CVE-2019-5867 | MEDIUM | CVSS 6.5 | fixed in 76.0.3809.100 | ≥ unspecified, < 76.0.3809.100 | 2019-11-25
[CWE-125] Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5875 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-15684 | MEDIUM | CVSS 4.3 | fixed in 30.112.62.0 | 2019-11-25
Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
nvd
CVE-2019-5848 | MEDIUM | CVSS 6.5 | fixed in 75.0.3770.142 | ≥ unspecified, < 75.0.3770.142 | 2019-11-25
[CWE-312] Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-13660 | MEDIUM | CVSS 5.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
nvd
CVE-2019-13671 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2019-13705 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
[CWE-269] Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
nvd
CVE-2019-13697 | MEDIUM | CVSS 6.5 | fixed in 77.0.3865.120 | ≥ unspecified, < 77.0.3865.120 | 2019-11-25
[CWE-209] Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-13676 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
[CWE-732] Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-13680 | MEDIUM | CVSS 5.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
nvd
CVE-2019-13716 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
[CWE-863] Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2019-13719 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
[CWE-922] Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
nvd
CVE-2019-13675 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
[CWE-20] Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.
nvd
CVE-2019-13681 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
[CWE-732] Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
nvd
CVE-2019-13714 | MEDIUM | CVSS 6.1 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
[CWE-94] Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.
nvd
CVE-2019-13703 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2019-11-25
[CWE-290] Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-13669 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-5826 | MEDIUM | CVSS 6.5 | fixed in 73.0.3683.86 | ≥ unspecified, < 73.0.3683.86 | 2019-11-25
[CWE-416] Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd