Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs
4,008
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL300HIGH2051MEDIUM1628LOW19UNKNOWN10

Vulnerabilities

Page 181 of 201
CVE-2011-2880MEDIUMCVSS 6.8fixed in 14.0.835.2022011-10-04
CVE-2011-2880 [MEDIUM] CWE-416 CVE-2011-2880: Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
nvd
CVE-2011-2853HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2853 [HIGH] CWE-416 CVE-2011-2853: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
nvd
CVE-2011-2842HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2842 [HIGH] CWE-20 CVE-2011-2842: The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.
nvd
CVE-2011-2838HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2838 [HIGH] CWE-20 CVE-2011-2838: Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a p Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.
nvd
CVE-2011-2862HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2862 [HIGH] CWE-264 CVE-2011-2862: Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built- Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.
nvd
CVE-2011-2860HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2860 [HIGH] CWE-416 CVE-2011-2860: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.
nvd
CVE-2011-2836HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2836 [HIGH] CVE-2011-2836: Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Med Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.
nvd
CVE-2011-2837HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2837 [HIGH] CVE-2011-2837: Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for positio Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors.
nvd
CVE-2011-2856HIGHCVSS 7.5fixed in 14.0.835.1632011-09-19
CVE-2011-2856 [HIGH] CWE-346 CVE-2011-2856: Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
nvd
CVE-2011-2835MEDIUMCVSS 6.8fixed in 14.0.835.1632011-09-19
CVE-2011-2835 [MEDIUM] CWE-362 CVE-2011-2835: Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
nvd
CVE-2011-2864MEDIUMCVSS 5.0fixed in 14.0.835.1632011-09-19
CVE-2011-2864 [MEDIUM] CWE-125 CVE-2011-2864: Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote a Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2851MEDIUMCVSS 5.0fixed in 14.0.835.1632011-09-19
CVE-2011-2851 [MEDIUM] CWE-125 CVE-2011-2851: Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to c Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2852MEDIUMCVSS 6.8fixed in 14.0.835.1632011-09-19
CVE-2011-2852 [MEDIUM] CWE-193 CVE-2011-2852: Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-3234MEDIUMCVSS 5.0fixed in 14.0.835.1632011-09-19
CVE-2011-3234 [MEDIUM] CWE-125 CVE-2011-3234: Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to c Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2841MEDIUMCVSS 6.8PoCfixed in 14.0.835.1632011-09-19
CVE-2011-2841 [MEDIUM] CWE-20 CVE-2011-2841: Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
nvd
CVE-2011-2850MEDIUMCVSS 5.0fixed in 14.0.835.1632011-09-19
CVE-2011-2850 [MEDIUM] CWE-125 CVE-2011-2850: Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote att Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2840MEDIUMCVSS 4.3fixed in 14.0.835.1632011-09-19
CVE-2011-2840 [MEDIUM] CWE-20 CVE-2011-2840: Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vec Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
nvd
CVE-2011-2857MEDIUMCVSS 6.8fixed in 14.0.835.1632011-09-19
CVE-2011-2857 [MEDIUM] CWE-416 CVE-2011-2857: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
nvd
CVE-2011-2858MEDIUMCVSS 5.0fixed in 14.0.835.1632011-09-19
CVE-2011-2858 [MEDIUM] CWE-125 CVE-2011-2858: Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote atta Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2861MEDIUMCVSS 6.8fixed in 14.0.835.1632011-09-19
CVE-2011-2861 [MEDIUM] CWE-20 CVE-2011-2861: Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows re Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.
nvd
← Previous181 / 201Next →