Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 20 of 199
CVE-2025-1920HIGHCVSS 8.8fixed in 134.0.6998.88≥ 134.0.6998.88, < 134.0.6998.882025-03-10
CVE-2025-1920 [HIGH] CWE-843 CVE-2025-1920: Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-1915HIGHCVSS 8.1fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1915 [HIGH] CWE-22 CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-1918HIGHCVSS 8.8fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1918 [HIGH] CWE-125 CVE-2025-1918: Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to po
Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-1916HIGHCVSS 8.8fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1916 [HIGH] CWE-416 CVE-2025-1916: Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced
Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-1919HIGHCVSS 8.8fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1919 [HIGH] CWE-125 CVE-2025-1919: Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to pot
Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-1914HIGHCVSS 8.8fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1914 [HIGH] CWE-125 CVE-2025-1914: Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perfor
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-1921MEDIUMCVSS 6.5fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1921 [MEDIUM] CWE-1230 CVE-2025-1921: Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remot
Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-1923MEDIUMCVSS 4.3fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1923 [MEDIUM] CWE-1021 CVE-2025-1923: Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed a
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-1922MEDIUMCVSS 4.3fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1922 [MEDIUM] CWE-451 CVE-2025-1922: Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2025-1917MEDIUMCVSS 4.3fixed in 134.0.6998.35≥ 134.0.6998.35, < 134.0.6998.352025-03-05
CVE-2025-1917 [MEDIUM] CWE-1021 CVE-2025-1917: Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowe
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-0999HIGHCVSS 8.8fixed in 133.0.6943.126≥ 133.0.6943.126, < 133.0.6943.1262025-02-19
CVE-2025-0999 [HIGH] CWE-122 CVE-2025-0999: Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to pot
Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-1426HIGHCVSS 8.8fixed in 133.0.6943.126≥ 133.0.6943.126, < 133.0.6943.1262025-02-19
CVE-2025-1426 [HIGH] CWE-122 CVE-2025-1426: Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote att
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-1006HIGHCVSS 8.8fixed in 133.0.6943.126≥ 133.0.6943.126, < 133.0.6943.1262025-02-19
CVE-2025-1006 [HIGH] CWE-416 CVE-2025-1006: Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to pote
Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-0995HIGHCVSS 8.8fixed in 133.0.69943.98≥ 133.0.6943.98, < 133.0.6943.982025-02-15
CVE-2025-0995 [HIGH] CWE-416 CVE-2025-0995: Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentiall
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-0997HIGHCVSS 8.1fixed in 133.0.6943.98≥ 133.0.6943.98, < 133.0.6943.982025-02-15
CVE-2025-0997 [HIGH] CWE-416 CVE-2025-0997: Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to po
Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-0996MEDIUMCVSS 5.4fixed in 133.0.6943.98≥ 133.0.6943.98, < 133.0.6943.982025-02-15
CVE-2025-0996 [MEDIUM] CWE-1007 CVE-2025-0996: Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowe
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-0445MEDIUMCVSS 5.4fixed in 133.0.6943.53≥ 133.0.6943.53, < 133.0.6943.532025-02-04
CVE-2025-0445 [MEDIUM] CWE-416 CVE-2025-0445: Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentiall
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-0444MEDIUMCVSS 6.3fixed in 133.0.6943.53≥ 133.0.6943.53, < 133.0.6943.532025-02-04
CVE-2025-0444 [MEDIUM] CWE-416 CVE-2025-0444: Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentia
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-0451MEDIUMCVSS 6.3fixed in 133.0.6943.53≥ 133.0.6943.53, < 133.0.6943.532025-02-04
CVE-2025-0451 [MEDIUM] CWE-451 CVE-2025-0451: Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a rem
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2025-0762HIGHCVSS 8.8fixed in 132.0.6834.159≥ 132.0.6834.159, < 132.0.6834.1592025-01-29
CVE-2025-0762 [HIGH] CWE-416 CVE-2025-0762: Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to pot
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
cvelistv5nvd