Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL: 298 | HIGH: 2025 | MEDIUM: 1626 | LOW: 17 | UNKNOWN: 42
Vulnerabilities
Page 122 of 201
CVE-2018-6034 | HIGH | CVSS 8.1 | CWE-125 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-6054 | HIGH | CVSS 8.8 | CWE-416 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2018-6043 | HIGH | CVSS 8.8 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
nvd
CVE-2018-6035 | HIGH | CVSS 8.8 | CWE-200 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
nvd
CVE-2018-6031 | HIGH | CVSS 8.8 | CWE-416 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2018-6033 | HIGH | CVSS 8.8 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
nvd
CVE-2018-6055 | HIGH | CVSS 8.8 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
nvd
CVE-2018-6040 | MEDIUM | CVSS 6.5 | CWE-732 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
nvd
CVE-2018-6052 | MEDIUM | CVSS 4.3 | CWE-200 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
nvd
CVE-2018-6119 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6036 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
nvd
CVE-2018-6032 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
nvd
CVE-2018-6037 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
nvd
CVE-2018-6038 | MEDIUM | CVSS 6.5 | CWE-119 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-6042 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6051 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
nvd
CVE-2018-6041 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6039 | MEDIUM | CVSS 6.1 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
nvd
CVE-2018-6046 | MEDIUM | CVSS 6.1 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
nvd
CVE-2018-6045 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
nvd