Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2

Vulnerabilities

CVE-2024-10229 | HIGH | CVSS 8.1 | fixed in 130.0.6723.69 | ≥ 130.0.6723.69, < 130.0.6723.69 | 2024-10-22
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9960 | HIGH | CVSS 7.5 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
CWE-416: Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9957 | HIGH | CVSS 8.8 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
CWE-416: Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9954 | HIGH | CVSS 8.8 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
CWE-416: Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9961 | HIGH | CVSS 8.8 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
CWE-416: Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9956 | HIGH | CVSS 7.8 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9965 | HIGH | CVSS 8.8 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-9959 | HIGH | CVSS 8.8 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
CWE-416: Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9955 | HIGH | CVSS 8.8 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
CWE-416: Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9966 | MEDIUM | CVSS 5.3 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-9962 | MEDIUM | CVSS 4.3 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9963 | MEDIUM | CVSS 4.3 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9958 | MEDIUM | CVSS 4.3 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-9964 | MEDIUM | CVSS 4.3 | fixed in 130.0.6723.58 | ≥ 130.0.6723.58, < 130.0.6723.58 | 2024-10-15
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-9859 | HIGH | CVSS 8.8 | fixed in 126.0.6478.126 | ≥ 126.0.6478.126, < 126.0.6478.126 | 2024-10-11
CWE-843: Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9603 | HIGH | CVSS 8.8 | fixed in 129.0.6668.100 | ≥ 129.0.6668.100, < 129.0.6668.100 | 2024-10-08
CWE-843: Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9602 | HIGH | CVSS 8.8 | fixed in 129.0.6668.100 | ≥ 129.0.6668.100, < 129.0.6668.100 | 2024-10-08
CWE-843: Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9120 | HIGH | CVSS 8.8 | fixed in 129.0.6668.70 | ≥ 129.0.6668.70, < 129.0.6668.70 | 2024-09-25
CWE-416: Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9122 | HIGH | CVSS 8.8 | fixed in 129.0.6668.70 | ≥ 129.0.6668.70, < 129.0.6668.70 | 2024-09-25
CWE-843: Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-9123 | HIGH | CVSS 8.8 | fixed in 129.0.6668.70 | ≥ 129.0.6668.70, < 129.0.6668.70 | 2024-09-25
CWE-472: Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd