Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2019-5862 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 76.0.3809.87 | affected: ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2019-5872 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 77.0.3865.75 | affected: ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13710 | MEDIUM | CVSS 4.3 | fixed in 78.0.3904.70 | affected: ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
nvd
CVE-2019-5861 | MEDIUM | CVSS 4.3 | CWE-1021 | fixed in 76.0.3809.87 | affected: ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page.
nvd
CVE-2019-13713 | MEDIUM | CVSS 6.5 | fixed in 78.0.3904.70 | affected: ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-13717 | MEDIUM | CVSS 4.3 | CWE-922 | fixed in 78.0.3904.70 | affected: ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
nvd
CVE-2019-13709 | MEDIUM | CVSS 6.5 | CWE-290 | fixed in 78.0.3904.70 | affected: ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
nvd
CVE-2019-13678 | MEDIUM | CVSS 6.5 | fixed in 77.0.3865.75 | affected: ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-13704 | MEDIUM | CVSS 4.3 | CWE-290 | fixed in 78.0.3904.70 | affected: ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2019-13662 | MEDIUM | CVSS 6.5 | CWE-276 | fixed in 77.0.3865.75 | affected: ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2019-5857 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 76.0.3809.87 | affected: ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
nvd
CVE-2019-13663 | MEDIUM | CVSS 4.3 | fixed in 77.0.3865.75 | affected: ≥ unspecified, < 77.0.3865.75 | 2019-11-25
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-5855 | MEDIUM | CVSS 6.5 | CWE-190 | fixed in 76.0.3809.87 | affected: ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-13664 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in 77.0.3865.75 | affected: ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2019-5825 | MEDIUM | CVSS 6.5 | KEV | PoC | CWE-787 | fixed in 73.0.3683.86 | affected: ≥ unspecified, < 73.0.3683.86 | 2019-11-25
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13701 | MEDIUM | CVSS 4.3 | CWE-290 | fixed in 78.0.3904.70 | affected: ≥ unspecified, < 78.0.3904.70 | 2019-11-25
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2019-5852 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 76.0.3809.87 | affected: ≥ unspecified, < 76.0.3809.87 | 2019-11-25
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-5879 | MEDIUM | CVSS 6.5 | CWE-863 | fixed in 77.0.3865.75 | affected: ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
nvd
CVE-2019-5842 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 75.0.3770.90 | affected: ≥ unspecified, < 75.0.3770.90 | 2019-11-25
Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13677 | MEDIUM | CVSS 6.5 | CWE-732 | fixed in 77.0.3865.75 | affected: ≥ unspecified, < 77.0.3865.75 | 2019-11-25
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd