Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
61
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 12 of 199
CVE-2025-14765HIGHCVSS 8.8fixed in 143.0.7499.146≥ 143.0.7499.147, < 143.0.7499.1472025-12-16
CVE-2025-14765 [HIGH] CWE-416 CVE-2025-14765: Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to poten
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-14174HIGHCVSS 8.8KEV≥ 143.0.7499.41, < 143.0.7499.110≥ 143.0.7499.40, < 143.0.7499.109+1 more2025-12-12
CVE-2025-14174 [HIGH] CWE-787 CVE-2025-14174: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remot
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-14372MEDIUMCVSS 6.1fixed in 143.0.7499.109≥ 143.0.7499.110, < 143.0.7499.1102025-12-12
CVE-2025-14372 [MEDIUM] CWE-416 CVE-2025-14372: Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacke
Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-14373MEDIUMCVSS 4.3fixed in 143.0.7499.109≥ 143.0.7499.110, < 143.0.7499.1102025-12-12
CVE-2025-14373 [MEDIUM] CWE-1021 CVE-2025-14373: Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-13992MEDIUMCVSS 4.7fixed in 139.0.7258.66≥ 139.0.7258.66, < 139.0.7258.662025-12-03
CVE-2025-13992 [MEDIUM] CWE-1300 CVE-2025-13992: Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 a
Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-13631HIGHCVSS 8.8fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13631 [HIGH] CVE-2025-13631: Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowe
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-13639HIGHCVSS 8.1fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13639 [HIGH] CWE-79 CVE-2025-13639: Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote atta
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-13633HIGHCVSS 8.8fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13633 [HIGH] CWE-416 CVE-2025-13633: Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attac
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-13630HIGHCVSS 8.8fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13630 [HIGH] CWE-843 CVE-2025-13630: Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-13720HIGHCVSS 8.8fixed in 143.0.7499.40fixed in 143.0.7499.41+1 more2025-12-02
CVE-2025-13720 [HIGH] CWE-704 CVE-2025-13720: Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had comprom
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-13638HIGHCVSS 8.8fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13638 [HIGH] CWE-416 CVE-2025-13638: Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-13721HIGHCVSS 7.5fixed in 143.0.7499.40fixed in 143.0.7499.41+1 more2025-12-02
CVE-2025-13721 [HIGH] CWE-362 CVE-2025-13721: Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-13634MEDIUMCVSS 4.4fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13634 [MEDIUM] CWE-290 CVE-2025-13634: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-13637MEDIUMCVSS 4.3fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13637 [MEDIUM] CWE-449 CVE-2025-13637: Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote a
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-13636MEDIUMCVSS 4.3fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13636 [MEDIUM] CWE-290 CVE-2025-13636: Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-13635MEDIUMCVSS 4.4fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13635 [MEDIUM] CWE-290 CVE-2025-13635: Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local at
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-13632MEDIUMCVSS 5.4fixed in 143.0.7499.40≥ 143.0.7499.41, < 143.0.7499.412025-12-02
CVE-2025-13632 [MEDIUM] CWE-194 CVE-2025-13632: Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-13640LOWCVSS 3.5fixed in 143.0.7499.40fixed in 143.0.7499.41+1 more2025-12-02
CVE-2025-13640 [LOW] CVE-2025-13640: Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local at
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-13227HIGHCVSS 8.8fixed in 142.0.7444.59fixed in 142.0.7444.60+1 more2025-11-18
CVE-2025-13227 [HIGH] CWE-843 CVE-2025-13227: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-13230HIGHCVSS 8.8fixed in 142.0.7444.59fixed in 142.0.7444.60+1 more2025-11-18
CVE-2025-13230 [HIGH] CWE-843 CVE-2025-13230: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd