Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 110 of 199
CVE-2019-5801MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5801 [MEDIUM] CWE-20 CVE-2019-5801: Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-5800MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5800 [MEDIUM] CWE-20 CVE-2019-5800: Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote att
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2019-5804MEDIUMCVSS 5.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5804 [MEDIUM] CWE-88 CVE-2019-5804: Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local a
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
nvd
CVE-2019-5793MEDIUMCVSS 6.5fixed in 73.0.3683.75vprior to 73.0.3683.752019-05-23
CVE-2019-5793 [MEDIUM] CWE-20 CVE-2019-5793: Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remot
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.
nvd
CVE-2019-5759CRITICALCVSS 9.6fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5759 [CRITICAL] CWE-416 CVE-2019-5759: Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2019-5771HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5771 [HIGH] CVE-2019-5771: An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a rem
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
nvd
CVE-2019-5758HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5758 [HIGH] CWE-787 CVE-2019-5758: Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remo
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5764HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5764 [HIGH] CWE-416 CVE-2019-5764: Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attac
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5780HIGHCVSS 7.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5780 [HIGH] CWE-20 CVE-2019-5780: Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 7
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
nvd
CVE-2019-5782HIGHCVSS 8.8Exploitedfixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5782 [HIGH] CWE-125 CVE-2019-5782: Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote att
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2019-5757HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5757 [HIGH] CWE-704 CVE-2019-5757: An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote a
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
nvd
CVE-2019-5760HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5760 [HIGH] CWE-416 CVE-2019-5760: Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a r
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5762HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5762 [HIGH] CWE-119 CVE-2019-5762: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowe
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
nvd
CVE-2019-5755HIGHCVSS 8.1fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5755 [HIGH] CWE-189 CVE-2019-5755: Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote at
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
nvd
CVE-2019-5761HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5761 [HIGH] CWE-787 CVE-2019-5761: Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5783HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5783 [HIGH] CWE-20 CVE-2019-5783: Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.
nvd
CVE-2019-5756HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5756 [HIGH] CWE-416 CVE-2019-5756: Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowe
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
nvd
CVE-2019-5772HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5772 [HIGH] CWE-416 CVE-2019-5772: Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-5770HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5770 [HIGH] CWE-125 CVE-2019-5770: Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attac
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2019-5763HIGHCVSS 8.8fixed in 72.0.3626.81≥ unspecified, < 72.0.3626.812019-02-19
CVE-2019-5763 [HIGH] CWE-754 CVE-2019-5763: Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote atta
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd