Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 61
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2

Vulnerabilities

CVE-2025-12725 | HIGH | CVSS 8.8 | fixed in 142.0.7444.137 | fixed in 142.0.7444.134 | +2 more | 2025-11-10
CWE-125: Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-12438 | HIGH | CVSS 8.8 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-416: Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12432 | HIGH | CVSS 8.8 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-362: Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-12429 | HIGH | CVSS 8.8 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-12430 | HIGH | CVSS 7.5 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-290: Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-12726 | HIGH | CVSS 7.5 | fixed in 142.0.7444.134 | ≥ 142.0.7444.137, < 142.0.7444.137 | 2025-11-10
CWE-269: Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-12433 | MEDIUM | CVSS 4.3 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-12435 | MEDIUM | CVSS 5.4 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-285: Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12434 | MEDIUM | CVSS 4.2 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-362: Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12729 | MEDIUM | CVSS 4.2 | fixed in 142.0.7444.137 | ≥ 142.0.7444.137, < 142.0.7444.137 | 2025-11-10
CWE-451: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12439 | MEDIUM | CVSS 5.5 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-326: Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12446 | MEDIUM | CVSS 4.2 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-451: Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2025-12728 | MEDIUM | CVSS 4.2 | fixed in 142.0.7444.137 | fixed in 142.0.7444.134 | +2 more | 2025-11-10
CWE-451: Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12431 | MEDIUM | CVSS 6.5 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-288: Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-12443 | MEDIUM | CVSS 4.3 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-125: Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12436 | MEDIUM | CVSS 5.9 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-306: Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-12447 | MEDIUM | CVSS 4.2 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-306: Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2025-12440 | MEDIUM | CVSS 5.3 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-120: Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2025-12445 | MEDIUM | CVSS 6.5 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-288: Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2025-12441 | MEDIUM | CVSS 4.3 | fixed in 142.0.7444.59 | ≥ 142.0.7444.59, < 142.0.7444.59 | 2025-11-10
CWE-125: Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd