Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 109 of 199
CVE-2018-6145MEDIUMCVSS 6.1fixed in 67.0.3396.62≥ unspecified, < 67.0.3396.622019-06-27
CVE-2018-6145 [MEDIUM] CWE-79 CVE-2018-6145: Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2018-16086MEDIUMCVSS 5.4fixed in 69.0.3497.81≥ unspecified, < 69.0.3497.812019-06-27
CVE-2018-16086 [MEDIUM] CWE-285 CVE-2018-16086: Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2019-5840MEDIUMCVSS 4.3fixed in 75.0.3770.80≥ unspecified, < 75.0.3770.802019-06-27
CVE-2019-5840 [MEDIUM] CWE-362 CVE-2019-5840: Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remot
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2018-6148MEDIUMCVSS 6.5fixed in 67.0.3396.79≥ unspecified, < 67.0.3396.792019-06-27
CVE-2018-6148 [MEDIUM] CWE-93 CVE-2018-6148: Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2018-6168MEDIUMCVSS 6.5fixed in 68.0.3440.75≥ unspecified, < 68.0.3440.752019-06-27
CVE-2018-6168 [MEDIUM] CWE-200 CVE-2018-6168: Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2019-5835MEDIUMCVSS 6.5fixed in 75.0.3770.80≥ unspecified, < 75.0.3770.802019-06-27
CVE-2019-5835 [MEDIUM] CWE-125 CVE-2019-5835: Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attack
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2019-5834MEDIUMCVSS 6.5fixed in 75.0.3770.80≥ unspecified, < 75.0.3770.802019-06-27
CVE-2019-5834 [MEDIUM] CWE-346 CVE-2019-5834: Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attack
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-5791HIGHCVSS 8.8fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5791 [HIGH] CWE-125 CVE-2019-5791: Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2019-5787HIGHCVSS 8.8fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5787 [HIGH] CWE-416 CVE-2019-5787: Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attack
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5790HIGHCVSS 8.8fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5790 [HIGH] CWE-190 CVE-2019-5790: An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prio
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2019-5789HIGHCVSS 8.8PoCfixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5789 [HIGH] CWE-190 CVE-2019-5789: An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 7
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
nvd
CVE-2019-5795HIGHCVSS 8.8fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5795 [HIGH] CWE-190 CVE-2019-5795: Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to poten
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
nvd
CVE-2019-5796HIGHCVSS 7.5PoCfixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5796 [HIGH] CWE-362 CVE-2019-5796: Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5788HIGHCVSS 8.8PoCfixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5788 [HIGH] CWE-190 CVE-2019-5788: An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
nvd
CVE-2019-5792HIGHCVSS 8.8fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5792 [HIGH] CWE-190 CVE-2019-5792: Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to poten
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
nvd
CVE-2019-5799MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5799 [MEDIUM] CWE-20 CVE-2019-5799: Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior t
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2019-5798MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5798 [MEDIUM] CWE-125 CVE-2019-5798: Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote atta
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2019-5802MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5802 [MEDIUM] CVE-2019-5802: Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-5803MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5803 [MEDIUM] CWE-20 CVE-2019-5803: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 al
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2019-5794MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5794 [MEDIUM] CVE-2019-5794: Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowe
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd