Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs
4,008
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL298HIGH2025MEDIUM1626LOW17UNKNOWN42
Vulnerabilities
Page 155 of 201
CVE-2014-1729HIGHCVSS 7.5≤ 34.0.1847.1152014-04-09
CVE-2014-1729 [HIGH] CVE-2014-1729: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2014-1720HIGHCVSS 7.5≤ 34.0.1847.1152014-04-09
CVE-2014-1720 [HIGH] CWE-399 CVE-2014-1720: Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElem
Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.
nvd
CVE-2014-1716HIGHCVSS 7.5≤ 34.0.1847.1152014-04-09
CVE-2014-1716 [HIGH] CWE-94 CVE-2014-1716: Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Googl
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
nvd
CVE-2014-1724HIGHCVSS 7.5≤ 34.0.1847.1152014-04-09
CVE-2014-1724 [HIGH] CWE-399 CVE-2014-1724: Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Ch
Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.
nvd
CVE-2014-1718HIGHCVSS 7.5≤ 34.0.1847.1152014-04-09
CVE-2014-1718 [HIGH] CWE-189 CVE-2014-1718: Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_ho
Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of
nvd
CVE-2014-1717HIGHCVSS 7.5≤ 34.0.1847.1152014-04-09
CVE-2014-1717 [HIGH] CWE-189 CVE-2014-1717: Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
nvd
CVE-2014-1726MEDIUMCVSS 4.3≤ 34.0.1847.1152014-04-09
CVE-2014-1726 [MEDIUM] CVE-2014-1726: The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.
nvd
CVE-2014-1725MEDIUMCVSS 5.0≤ 34.0.1847.1152014-04-09
CVE-2014-1725 [MEDIUM] CWE-20 CVE-2014-1725: The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 3
The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.
nvd
CVE-2014-1704CRITICALCVSS 10.0≤ 33.0.1750.146v33.0.1750.0+105 more2014-03-16
CVE-2014-1704 [CRITICAL] CVE-2014-1704: Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2014-1703HIGHCVSS 7.5≤ 33.0.1750.146v33.0.1750.0+105 more2014-03-16
CVE-2014-1703 [HIGH] CWE-399 CVE-2014-1703: Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.
nvd
CVE-2014-1700HIGHCVSS 7.5≤ 33.0.1750.146v33.0.1750.0+105 more2014-03-16
CVE-2014-1700 [HIGH] CWE-399 CVE-2014-1700: Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrom
Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.
nvd
CVE-2014-1714HIGHCVSS 7.5fixed in 33.0.1750.152fixed in 33.0.1750.1542014-03-16
CVE-2014-1714 [HIGH] CWE-20 CVE-2014-1714: The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to
nvd
CVE-2014-1702HIGHCVSS 7.5≤ 33.0.1750.146v33.0.1750.0+105 more2014-03-16
CVE-2014-1702 [HIGH] CWE-399 CVE-2014-1702: Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdat
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of schedule
nvd
CVE-2014-1715HIGHCVSS 7.5fixed in 33.0.1750.152fixed in 33.0.1750.1542014-03-16
CVE-2014-1715 [HIGH] CWE-22 CVE-2014-1715: Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
nvd
CVE-2014-1705HIGHCVSS 7.5fixed in 33.0.1750.152fixed in 33.0.1750.1542014-03-16
CVE-2014-1705 [HIGH] CWE-787 CVE-2014-1705: Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2014-1713HIGHCVSS 7.5fixed in 33.0.1750.152fixed in 33.0.1750.1542014-03-16
CVE-2014-1713 [HIGH] CWE-416 CVE-2014-1713: Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.
nvd
CVE-2014-1701MEDIUMCVSS 4.3≤ 33.0.1750.146v33.0.1750.0+105 more2014-03-16
CVE-2014-1701 [MEDIUM] CWE-79 CVE-2014-1701: The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google C
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.
nvd
CVE-2013-6668HIGHCVSS 7.5≤ 33.0.1750.144v33.0.1750.0+104 more2014-03-05
CVE-2013-6668 [HIGH] CVE-2013-6668: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2013-6663HIGHCVSS 7.5≤ 33.0.1750.144v33.0.1750.0+104 more2014-03-05
CVE-2013-6663 [HIGH] CWE-399 CVE-2013-6663: Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImag
Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view.
nvd
CVE-2013-6664HIGHCVSS 7.5≤ 33.0.1750.144v33.0.1750.0+104 more2014-03-05
CVE-2013-6664 [HIGH] CWE-399 CVE-2013-6664: Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-re
nvd