Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2018-6154 | HIGH | CVSS 8.8 | CWE-787 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5827 | HIGH | CVSS 8.8 | CWE-190 | fixed in 74.0.3729.131 | ≥ unspecified, < 74.0.3729.131 | 2019-06-27
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5816 | HIGH | CVSS 8.8 | CWE-664 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
nvd
CVE-2018-6138 | HIGH | CVSS 8.1 | CWE-20 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2019-5817 | HIGH | CVSS 8.8 | CWE-787 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5811 | HIGH | CVSS 8.8 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2018-6161 | HIGH | CVSS 8.8 | CWE-20 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2019-5822 | HIGH | CVSS 8.8 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2019-5836 | HIGH | CVSS 8.8 | CWE-787 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5831 | HIGH | CVSS 8.8 | CWE-787 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-16070 | HIGH | CVSS 8.8 | CWE-190 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-06-27
Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5828 | HIGH | CVSS 8.8 | CWE-416 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2019-5813 | HIGH | CVSS 8.8 | CWE-416 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6118 | HIGH | CVSS 8.8 | CWE-416 | fixed in 66.0.3359.139 | ≥ unspecified, < 66.0.3359.139 | 2019-06-27
A double-eviction in the Incognito mode cache that led to a use-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
nvd
CVE-2018-6156 | HIGH | CVSS 8.8 | CWE-787 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
nvd
CVE-2019-5821 | HIGH | CVSS 8.8 | CWE-190 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-5808 | HIGH | CVSS 8.8 | CWE-416 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5806 | HIGH | CVSS 8.8 | CWE-190 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-17479 | HIGH | CVSS 8.8 | CWE-416 | fixed in 70.0.3538.110 | ≥ unspecified, < 70.0.3538.110 | 2019-06-27
Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6121 | HIGH | CVSS 8.8 | CWE-20 | fixed in 66.0.3359.170 | ≥ unspecified, < 66.0.3359.170 | 2019-06-27
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
nvd