Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2
Vulnerabilities
CVE-2025-6555 | MEDIUM | CVSS 5.4 | CWE-416 | fixed in 138.0.7204.49 | ≥ 138.0.7204.49, < 138.0.7204.49 | 2025-06-24
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-6557 | MEDIUM | CVSS 5.4 | CWE-1021 | fixed in 138.0.7204.49 | ≥ 138.0.7204.49, < 138.0.7204.49 | 2025-06-24
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2025-6192 | HIGH | CVSS 8.8 | CWE-416 | fixed in 137.0.7151.119 | ≥ 137.0.7151.119, < 137.0.7151.119 | 2025-06-18
Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-6191 | HIGH | CVSS 8.8 | CWE-472 | fixed in 137.0.7151.119 | ≥ 137.0.7151.119, < 137.0.7151.119 | 2025-06-18
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-5959 | HIGH | CVSS 8.8 | CWE-843 | fixed in 137.0.7151.103 | ≥ 137.0.7151.103, < 137.0.7151.103 | 2025-06-11
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-5958 | HIGH | CVSS 8.8 | CWE-416 | fixed in 137.0.7151.103 | ≥ 137.0.7151.103, < 137.0.7151.103 | 2025-06-11
Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-5068 | HIGH | CVSS 8.8 | CWE-416 | fixed in 137.0.7151.68 | ≥ 137.0.7151.68, < 137.0.7151.68 | 2025-06-03
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-5419 | HIGH | CVSS 8.8 | KEV | CWE-125 | fixed in 137.0.7151.68 | ≥ 137.0.7151.68, < 137.0.7151.68 | 2025-06-03
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-5280 | HIGH | CVSS 8.8 | CWE-787 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-5063 | HIGH | CVSS 8.8 | CWE-416 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-5064 | MEDIUM | CVSS 5.4 | CWE-200 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-5065 | MEDIUM | CVSS 6.5 | CWE-451 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-5066 | MEDIUM | CVSS 6.5 | CWE-451 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-5283 | MEDIUM | CVSS 5.4 | CWE-416 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-5067 | MEDIUM | CVSS 5.4 | CWE-290 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2025-5281 | MEDIUM | CVSS 5.4 | CWE-200 | fixed in 137.0.7151.55 | ≥ 137.0.7151.55, < 137.0.7151.55 | 2025-05-27
Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-4664 | MEDIUM | CVSS 4.3 | fixed in 136.0.7103.113 | ≥ 136.0.7103.113, < 136.0.7103.113 | 2025-05-14
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2025-4372 | HIGH | CVSS 8.8 | CWE-416 | fixed in 136.0.7103.92 | ≥ 136.0.7103.92, < 136.0.7103.92 | 2025-05-06
Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2025-4052 | CRITICAL | CVSS 9.8 | CWE-838 | fixed in 136.0.7103.59 | ≥ 136.0.7103.59, < 136.0.7103.59 | 2025-05-05
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2025-4050 | HIGH | CVSS 8.8 | CWE-787 | fixed in 136.0.7103.59 | ≥ 136.0.7103.59, < 136.0.7103.59 | 2025-05-05
Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd