Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 119 of 199
CVE-2018-6071HIGHCVSS 8.8fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6071 [HIGH] CWE-125 CVE-2018-6071: An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to per
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-6073HIGHCVSS 8.8fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6073 [HIGH] CWE-787 CVE-2018-6073: A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2018-17469HIGHCVSS 8.8fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17469 [HIGH] CWE-125 CVE-2018-17469: Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a r
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
nvd
CVE-2018-6083HIGHCVSS 8.8fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6083 [HIGH] CVE-2018-6083: Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
nvd
CVE-2018-6063HIGHCVSS 8.8fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6063 [HIGH] CWE-787 CVE-2018-6063: Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowe
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2018-17465HIGHCVSS 8.8fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17465 [HIGH] CWE-416 CVE-2018-17465: Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a r
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
nvd
CVE-2018-17474HIGHCVSS 8.8fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17474 [HIGH] CWE-416 CVE-2018-17474: Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a re
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-17475MEDIUMCVSS 4.3fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17475 [MEDIUM] CVE-2018-17475: Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-17464MEDIUMCVSS 4.3fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17464 [MEDIUM] CVE-2018-17464: Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6082MEDIUMCVSS 4.7fixed in 65.0.3325.1462018-11-14
CVE-2018-6082 [MEDIUM] CWE-200 CVE-2018-6082: Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
nvd
CVE-2018-17476MEDIUMCVSS 4.3fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17476 [MEDIUM] CVE-2018-17476: Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attack
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
nvd
CVE-2018-6077MEDIUMCVSS 6.5fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6077 [MEDIUM] CWE-200 CVE-2018-6077: Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrom
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6075MEDIUMCVSS 6.5fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6075 [MEDIUM] CWE-200 CVE-2018-6075: Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
nvd
CVE-2018-17477MEDIUMCVSS 4.3fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17477 [MEDIUM] CVE-2018-17477: Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote att
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
nvd
CVE-2018-17471MEDIUMCVSS 4.3fixed in 70.0.3538.67≥ unspecified, < 70.0.3538.672018-11-14
CVE-2018-17471 [MEDIUM] CVE-2018-17471: Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote at
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
nvd
CVE-2018-6076MEDIUMCVSS 6.1fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6076 [MEDIUM] CWE-79 CVE-2018-6076: Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 a
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
nvd
CVE-2018-6078MEDIUMCVSS 4.3fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6078 [MEDIUM] CWE-20 CVE-2018-6078: Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allow
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
nvd
CVE-2018-6070MEDIUMCVSS 6.1fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6070 [MEDIUM] CWE-79 CVE-2018-6070: Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an at
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
nvd
CVE-2018-6066MEDIUMCVSS 6.5fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6066 [MEDIUM] CWE-200 CVE-2018-6066: Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6079MEDIUMCVSS 6.5fixed in 65.0.3325.146≥ unspecified, < 65.0.3325.1462018-11-14
CVE-2018-6079 [MEDIUM] CWE-200 CVE-2018-6079: Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome pri
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd