Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 297 | HIGH 2029 | MEDIUM 1630 | LOW 17 | UNKNOWN 2
Vulnerabilities
CVE-2025-11208 | MEDIUM | CVSS 6.3 | CWE-451 | fixed in 141.0.7390.54 | ≥ 141.0.7390.54, < 141.0.7390.54 | 2025-11-06
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-11216 | MEDIUM | CVSS 6.3 | fixed in 141.0.7390.54 | ≥ 141.0.7390.54, < 141.0.7390.54 | 2025-11-06
Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2025-11212 | MEDIUM | CVSS 6.3 | CWE-451 | fixed in 141.0.7390.54 | ≥ 141.0.7390.54, < 141.0.7390.54 | 2025-11-06
Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-11219 | LOW | CVSS 3.1 | CWE-416 | fixed in 141.0.7390.54 | ≥ 141.0.7390.54, < 141.0.7390.54 | 2025-11-06
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2025-10585 | CRITICAL | CVSS 9.8 | KEV | CWE-843 | fixed in 140.0.7339.185 | ≥ 140.0.7339.185, < 140.0.7339.185 | 2025-09-24
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-10890 | CRITICAL | CVSS 9.1 | CWE-1300 | fixed in 140.0.7339.207 | ≥ 140.0.7339.207, < 140.0.7339.207 | 2025-09-24
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-10502 | HIGH | CVSS 8.8 | CWE-122 | fixed in 140.0.7339.185 | ≥ 140.0.7339.185, < 140.0.7339.185 | 2025-09-24
Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-10891 | HIGH | CVSS 8.8 | CWE-472 | fixed in 140.0.7339.207 | ≥ 140.0.7339.207, < 140.0.7339.207 | 2025-09-24
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-10501 | HIGH | CVSS 8.8 | CWE-416 | fixed in 140.0.7339.185 | ≥ 140.0.7339.185, < 140.0.7339.185 | 2025-09-24
Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-10892 | HIGH | CVSS 8.8 | CWE-472 | fixed in 140.0.7339.207 | ≥ 140.0.7339.207, < 140.0.7339.207 | 2025-09-24
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-10500 | HIGH | CVSS 8.8 | CWE-416 | fixed in 140.0.7339.185 | ≥ 140.0.7339.185, < 140.0.7339.185 | 2025-09-24
Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-10200 | HIGH | CVSS 8.8 | CWE-416 | fixed in 140.0.7339.127 | ≥ 140.0.7339.127, < 140.0.7339.127 | 2025-09-10
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5, nvd
CVE-2025-10201 | HIGH | CVSS 8.8 | CWE-284 | fixed in 140.0.7339.127 | ≥ 140.0.7339.127, < 140.0.7339.127 | 2025-09-10
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-9866 | HIGH | CVSS 8.8 | CWE-693 | fixed in 140.0.7339.80 | ≥ 140.0.7339.80, < 140.0.7339.80 | 2025-09-03
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-9865 | MEDIUM | CVSS 5.4 | CWE-451 | fixed in 140.0.7339.80 | ≥ 140.0.7339.80, < 140.0.7339.80 | 2025-09-03
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-9867 | MEDIUM | CVSS 5.4 | CWE-451 | fixed in 140.0.7339.80 | ≥ 140.0.7339.80, < 140.0.7339.80 | 2025-09-03
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-9478 | HIGH | CVSS 8.8 | CWE-416 | fixed in 139.0.7258.154 | ≥ 139.0.7258.154, < 139.0.7258.154 | 2025-08-26
Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5, nvd
CVE-2025-4609 | CRITICAL | CVSS 9.6 | CWE-732 | fixed in 136.0.7103.113 | ≥ 136.0.7103.113, < 136.0.7103.113 | 2025-08-22
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-9132 | HIGH | CVSS 8.8 | CWE-787 | fixed in 139.0.7258.138 | ≥ 139.0.7258.138, < 139.0.7258.138 | 2025-08-20
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-8901 | HIGH | CVSS 8.8 | CWE-787 | fixed in 139.0.7258.127 | ≥ 139.0.7258.127, < 139.0.7258.127 | 2025-08-13
Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd