Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 105 of 199
CVE-2019-13679LOWCVSS 3.3fixed in 77.0.3865.75≥ unspecified, < 77.0.3865.752019-11-25
CVE-2019-13679 [LOW] CWE-732 CVE-2019-13679: Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote at
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
nvd
CVE-2016-9652CRITICALCVSS 9.8fixed in 55.0.2883.75v55.02019-11-20
CVE-2016-9652 [CRITICAL] CVE-2016-9652: Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
nvd
CVE-2016-5194CRITICALCVSS 9.8fixed in 54.0.2840.59vbefore 54.0.2840.592019-11-20
CVE-2016-5194 [CRITICAL] CVE-2016-5194: Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
nvd
CVE-2011-2335HIGHCVSS 7.5vbefore Blink M122019-11-12
CVE-2011-2335 [HIGH] CWE-415 CVE-2011-2335: A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSe
A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.
nvd
CVE-2011-1802MEDIUMCVSS 6.5vbefore Blink M11 and M122019-11-12
CVE-2011-1802 [MEDIUM] CWE-476 CVE-2011-1802: WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allow
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).
nvd
CVE-2011-2334MEDIUMCVSS 6.5vbefore Blink M122019-11-12
CVE-2011-2334 [MEDIUM] CWE-416 CVE-2011-2334: Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen r
Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections.
nvd
CVE-2011-1803MEDIUMCVSS 6.5vbefore Blink M11 and M122019-11-12
CVE-2011-1803 [MEDIUM] CWE-415 CVE-2011-1803: An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Goo
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.
nvd
CVE-2011-2353MEDIUMCVSS 6.5vbefore Blink M132019-11-07
CVE-2011-2353 [MEDIUM] CWE-416 CVE-2011-2353: Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in Docume
Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function.
nvd
CVE-2011-2807MEDIUMCVSS 6.5vbefore Blink M132019-11-07
CVE-2011-2807 [MEDIUM] CWE-755 CVE-2011-2807: Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.
Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.
nvd
CVE-2011-2336MEDIUMCVSS 6.5vbefore Blink M122019-11-07
CVE-2011-2336 [MEDIUM] CWE-755 CVE-2011-2336: An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControl
An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.
nvd
CVE-2011-2808MEDIUMCVSS 6.5vbefore Blink M132019-11-06
CVE-2011-2808 [MEDIUM] CWE-20 CVE-2011-2808: A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a ch
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.
nvd
CVE-2016-5202CRITICALCVSS 9.1fixed in 54.0.2840.98fixed in 54.0.2840.99+1 more2019-10-25
CVE-2016-5202 [CRITICAL] CWE-732 CVE-2016-5202: browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 5
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
nvd
CVE-2019-8075HIGHCVSS 7.5fixed in 87.0.4280.66fixed in 87.0.4280.672019-09-27
CVE-2019-8075 [HIGH] CVE-2019-8075: Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerab
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
nvd
CVE-2018-17478HIGHCVSS 8.8fixed in 70.0.3538.102≥ unspecified, < 70.0.3538.1022019-06-27
CVE-2018-17478 [HIGH] CWE-129 CVE-2018-17478: Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote
Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
nvd
CVE-2019-5809HIGHCVSS 8.8fixed in 74.0.3729.108≥ unspecified, < 74.0.3729.1082019-06-27
CVE-2019-5809 [HIGH] CWE-416 CVE-2019-5809: Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
nvd
CVE-2019-5824HIGHCVSS 8.8fixed in 74.0.3729.131≥ unspecified, < 74.0.3729.1312019-06-27
CVE-2019-5824 [HIGH] CWE-787 CVE-2019-5824: Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker t
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6149HIGHCVSS 8.8fixed in 67.0.3396.87≥ unspecified, < 67.0.3396.872019-06-27
CVE-2018-6149 [HIGH] CWE-787 CVE-2018-6149: Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to per
Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2018-6157HIGHCVSS 8.8fixed in 68.0.3440.75≥ unspecified, < 68.0.3440.752019-06-27
CVE-2018-6157 [HIGH] CWE-704 CVE-2018-6157: Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potenti
Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
nvd
CVE-2018-6176HIGHCVSS 7.8fixed in 68.0.3440.75≥ unspecified, < 68.0.3440.752019-06-27
CVE-2018-6176 [HIGH] CWE-20 CVE-2018-6176: Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
nvd
CVE-2019-5819HIGHCVSS 7.8fixed in 74.0.3729.108≥ unspecified, < 74.0.3729.1082019-06-27
CVE-2019-5819 [HIGH] CWE-20 CVE-2019-5819: Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allo
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
nvd