Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2

Vulnerabilities

CVE-2025-4096 | HIGH | CVSS 8.8 | fixed in 136.0.7103.59 | ≥ 136.0.7103.59, < 136.0.7103.59 | 2025-05-05
CVE-2025-4096 [HIGH] CWE-122: Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-4051 | MEDIUM | CVSS 6.3 | fixed in 136.0.7103.59 | ≥ 136.0.7103.59, < 136.0.7103.59 | 2025-05-05
CVE-2025-4051 [MEDIUM] CWE-284: Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-3620 | HIGH | CVSS 8.8 | fixed in 135.0.7049.95 | ≥ 135.0.7049.95, < 135.0.7049.95 | 2025-04-16
CVE-2025-3620 [HIGH] CWE-416: Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-3619 | HIGH | CVSS 8.8 | fixed in 135.0.7049.95 | ≥ 135.0.7049.95, < 135.0.7049.95 | 2025-04-16
CVE-2025-3619 [HIGH] CWE-122: Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5, nvd
CVE-2025-1292 | MEDIUM | CVSS 6.7 | v122.0.6261.132 | 2025-04-15
CVE-2025-1292 [MEDIUM] CWE-787: Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
nvd
CVE-2025-1122 | MEDIUM | CVSS 6.7 | v122.0.6261.132 | 2025-04-15
CVE-2025-1122 [MEDIUM] CWE-787: Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
nvd
CVE-2025-3068 | HIGH | CVSS 8.8 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3068 [HIGH] CWE-20: Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-3066 | HIGH | CVSS 8.8 | fixed in 135.0.7049.52 | ≥ 135.0.7049.84, < 135.0.7049.84 | 2025-04-02
CVE-2025-3066 [HIGH] CWE-416: Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-3067 | HIGH | CVSS 8.6 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3067 [HIGH]: Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-3069 | HIGH | CVSS 8.8 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3069 [HIGH] CWE-358: Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-3070 | MEDIUM | CVSS 6.5 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3070 [MEDIUM] CWE-20: Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-3071 | MEDIUM | CVSS 5.4 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3071 [MEDIUM] CWE-346: Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2025-3072 | MEDIUM | CVSS 5.4 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3072 [MEDIUM] CWE-451: Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2025-3073 | MEDIUM | CVSS 5.4 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3073 [MEDIUM] CWE-451: Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2025-3074 | MEDIUM | CVSS 5.4 | fixed in 135.0.7049.52 | ≥ 135.0.7049.52, < 135.0.7049.52 | 2025-04-02
CVE-2025-3074 [MEDIUM] CWE-451: Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2025-2783 | HIGH | CVSS 8.3 | KEV | PoC | fixed in 134.0.6998.177 | 2025-03-26
CVE-2025-2783 [HIGH]: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-2476 | HIGH | CVSS 8.8 | fixed in 134.0.6998.117 | ≥ 134.0.6998.117, < 134.0.6998.117 | 2025-03-19
CVE-2025-2476 [HIGH] CWE-416: Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5, nvd
CVE-2025-2137 | HIGH | CVSS 8.8 | fixed in 134.0.6998.88 | ≥ 134.0.6998.88, < 134.0.6998.88 | 2025-03-10
CVE-2025-2137 [HIGH] CWE-125: Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2025-2135 | HIGH | CVSS 8.8 | fixed in 134.0.6998.88 | ≥ 134.0.6998.88, < 134.0.6998.88 | 2025-03-10
CVE-2025-2135 [HIGH] CWE-843: Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2025-2136 | HIGH | CVSS 8.8 | fixed in 134.0.6998.88 | ≥ 134.0.6998.88, < 134.0.6998.88 | 2025-03-10
CVE-2025-2136 [HIGH] CWE-416: Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd