Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2

Vulnerabilities

Page 21 of 199
CVE-2025-0612 | HIGH | CVSS 7.5 | fixed in 132.0.6834.110 | ≥ 132.0.6834.110, < 132.0.6834.110 | 2025-01-22
[CWE-125] Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2025-0611 | HIGH | CVSS 8.2 | fixed in 132.0.6834.110 | ≥ 132.0.6834.110, < 132.0.6834.110 | 2025-01-22
[CWE-122] Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2025-0434 | HIGH | CVSS 8.8 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-122] Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2025-0443 | HIGH | CVSS 8.8 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-79] Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd

CVE-2025-0447 | HIGH | CVSS 8.8 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-79] Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd

CVE-2025-0438 | HIGH | CVSS 8.8 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-121] Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2025-0436 | HIGH | CVSS 8.8 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-472] Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2025-0437 | HIGH | CVSS 8.8 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-125] Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2025-0440 | MEDIUM | CVSS 6.5 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-290] Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd

CVE-2025-0435 | MEDIUM | CVSS 6.5 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-451] Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2025-0446 | MEDIUM | CVSS 4.3 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-451] Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
cvelistv5, nvd

CVE-2025-0442 | MEDIUM | CVSS 6.5 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-290] Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd

CVE-2025-0441 | MEDIUM | CVSS 6.5 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-200] Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd

CVE-2025-0439 | MEDIUM | CVSS 6.5 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-362] Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd

CVE-2025-0448 | MEDIUM | CVSS 4.3 | fixed in 132.0.6834.83 | ≥ 132.0.6834.83, < 132.0.6834.83 | 2025-01-15
[CWE-79] Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd

CVE-2025-0291 | HIGH | CVSS 8.8 | fixed in 131.0.6778.264 | ≥ 131.0.6778.264, < 131.0.6778.264 | 2025-01-08
[CWE-843] Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2024-12695 | HIGH | CVSS 8.8 | fixed in 131.0.6778.204 | ≥ 131.0.6778.204, < 131.0.6778.204 | 2024-12-18
[CWE-787] Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2024-12692 | HIGH | CVSS 8.8 | fixed in 131.0.6778.204 | ≥ 131.0.6778.204, < 131.0.6778.204 | 2024-12-18
[CWE-843] Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2024-12693 | HIGH | CVSS 8.8 | fixed in 131.0.6778.204 | ≥ 131.0.6778.204, < 131.0.6778.204 | 2024-12-18
[CWE-787] Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd

CVE-2024-12694 | HIGH | CVSS 8.8 | fixed in 131.0.6778.204 | ≥ 131.0.6778.204, < 131.0.6778.204 | 2024-12-18
[CWE-416] Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd