Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 297 | HIGH 2029 | MEDIUM 1630 | LOW 17 | UNKNOWN 2
Vulnerabilities
Page 22 of 199
CVE-2024-12381 | HIGH | CVSS 8.8 | CWE-843 | fixed in 131.0.6778.139 | ≥ 131.0.6778.139, < 131.0.6778.139 | 2024-12-12
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-12382 | HIGH | CVSS 8.8 | CWE-416 | fixed in 131.0.6778.139 | ≥ 131.0.6778.139, < 131.0.6778.139 | 2024-12-12
Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-12053 | HIGH | CVSS 8.8 | CWE-843 | fixed in 131.0.6778.108 | ≥ 131.0.6778.108, < 131.0.6778.108 | 2024-12-03
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9369 | CRITICAL | CVSS 9.6 | CWE-1284 | fixed in 129.0.6668.89 | ≥ 129.0.6668.89, < 129.0.6668.89 | 2024-11-27
Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-7025 | HIGH | CVSS 8.8 | CWE-472 | fixed in 129.0.6668.89 | ≥ 129.0.6668.89, < 129.0.6668.89 | 2024-11-27
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-11395 | HIGH | CVSS 8.8 | CWE-843 | fixed in 131.0.6778.85 | ≥ 131.0.6778.85, < 131.0.6778.85 | 2024-11-19
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-11113 | HIGH | CVSS 8.8 | CWE-416 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-11112 | HIGH | CVSS 8.8 | CWE-416 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-11114 | HIGH | CVSS 8.3 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-11115 | HIGH | CVSS 8.8 | CWE-79 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-11111 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-11117 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-11116 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-11110 | MEDIUM | CVSS 6.5 | CWE-79 | fixed in 131.0.6778.69 | ≥ 131.0.6778.69, < 131.0.6778.69 | 2024-11-12
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-10826 | HIGH | CVSS 8.8 | CWE-416 | fixed in 130.0.6723.116 | ≥ 130.0.6723.116, < 130.0.6723.116 | 2024-11-06
Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-10827 | HIGH | CVSS 8.8 | CWE-416 | fixed in 130.0.6723.116 | ≥ 130.0.6723.116, < 130.0.6723.116 | 2024-11-06
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-10488 | HIGH | CVSS 8.8 | CWE-416 | fixed in 130.0.6723.92 | ≥ 130.0.6723.92, < 130.0.6723.92 | 2024-10-29
Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-10487 | HIGH | CVSS 8.8 | CWE-787 | fixed in 130.0.6723.92 | ≥ 130.0.6723.92, < 130.0.6723.92 | 2024-10-29
Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Sources: cvelistv5, nvd
CVE-2024-10231 | HIGH | CVSS 8.8 | CWE-843 | fixed in 130.0.6723.69 | ≥ 130.0.6723.69, < 130.0.6723.69 | 2024-10-22
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-10230 | HIGH | CVSS 8.8 | CWE-843 | fixed in 130.0.6723.69 | ≥ 130.0.6723.69, < 130.0.6723.69 | 2024-10-22
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd