Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2

Vulnerabilities

CVE-2024-9121 | HIGH | CVSS 8.8 | fixed in 129.0.6668.70 | ≥ 129.0.6668.70, < 129.0.6668.70 | 2024-09-25
CVE-2024-9121 [HIGH] CWE-787: Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-7024 | CRITICAL | CVSS 9.6 | fixed in 126.0.6478.54 | ≥ 126.0.6478.54, < 126.0.6478.54 | 2024-09-23
CVE-2024-7024 [CRITICAL] CWE-787: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2021-38023 | HIGH | CVSS 8.8 | fixed in 92.0.4515.107 | ≥ 92.0.4515.107, < 92.0.4515.107 | 2024-09-23
CVE-2021-38023 [HIGH] CWE-416: Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2018-20072 | HIGH | CVSS 7.8 | fixed in 73.0.3683.75 | ≥ 73.0.3683.75, < 73.0.3683.75 | 2024-09-23
CVE-2018-20072 [HIGH]: Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-7023 | HIGH | CVSS 8.8 | fixed in 128.0.6537.0 | ≥ 128.0.6537.0, < 128.0.6537.0 | 2024-09-23
CVE-2024-7023 [HIGH] CWE-20: Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-7018 | HIGH | CVSS 7.8 | fixed in 124.0.6367.78 | ≥ 124.0.6367.78, < 124.0.6367.78 | 2024-09-23
CVE-2024-7018 [HIGH] CWE-122: Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-7019 | MEDIUM | CVSS 4.3 | fixed in 124.0.6367.60 | ≥ 124.0.6367.60, < 124.0.6367.60 | 2024-09-23
CVE-2024-7019 [MEDIUM] CWE-451: Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-7022 | MEDIUM | CVSS 4.3 | fixed in 123.0.6312.58 | ≥ 123.0.6312.58, < 123.0.6312.58 | 2024-09-23
CVE-2024-7022 [MEDIUM] CWE-457: Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2023-7282 | MEDIUM | CVSS 4.3 | fixed in 113.0.5672.63 | ≥ 113.0.5672.63, < 113.0.5672.63 | 2024-09-23
CVE-2023-7282 [MEDIUM] CWE-451: Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2023-7281 | MEDIUM | CVSS 4.3 | fixed in 119.0.6045.105 | ≥ 119.0.6045.105, < 119.0.6045.105 | 2024-09-23
CVE-2023-7281 [MEDIUM] CWE-451: Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-7020 | MEDIUM | CVSS 4.3 | fixed in 124.0.6367.60 | ≥ 124.0.6367.60, < 124.0.6367.60 | 2024-09-23
CVE-2024-7020 [MEDIUM] CWE-451: Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-8905 | HIGH | CVSS 8.8 | fixed in 129.0.6668.58 | ≥ 129.0.6668.58, < 129.0.6668.58 | 2024-09-17
CVE-2024-8905 [HIGH] CWE-787: Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-8904 | HIGH | CVSS 8.8 | fixed in 129.0.6668.58 | ≥ 129.0.6668.58, < 129.0.6668.58 | 2024-09-17
CVE-2024-8904 [HIGH] CWE-843: Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-8908 | MEDIUM | CVSS 4.3 | fixed in 129.0.6668.58 | ≥ 129.0.6668.58, < 129.0.6668.58 | 2024-09-17
CVE-2024-8908 [MEDIUM] CWE-290: Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-8906 | MEDIUM | CVSS 4.3 | fixed in 129.0.6668.58 | ≥ 129.0.6668.58, < 129.0.6668.58 | 2024-09-17
CVE-2024-8906 [MEDIUM]: Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-8907 | MEDIUM | CVSS 6.1 | fixed in 129.0.6668.58 | ≥ 129.0.6668.58, < 129.0.6668.58 | 2024-09-17
CVE-2024-8907 [MEDIUM] CWE-79: Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-8909 | MEDIUM | CVSS 4.3 | fixed in 129.0.6668.58 | ≥ 129.0.6668.58, < 129.0.6668.58 | 2024-09-17
CVE-2024-8909 [MEDIUM] CWE-451: Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-8636 | HIGH | CVSS 8.8 | fixed in 128.0.6613.137 | ≥ 128.0.6613.137, < 128.0.6613.137 | 2024-09-11
CVE-2024-8636 [HIGH] CWE-122: Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-8637 | HIGH | CVSS 8.8 | fixed in 128.0.6613.137 | ≥ 128.0.6613.137, < 128.0.6613.137 | 2024-09-11
CVE-2024-8637 [HIGH] CWE-416: Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-8639 | HIGH | CVSS 8.8 | fixed in 128.0.6613.137 | ≥ 128.0.6613.137, < 128.0.6613.137 | 2024-09-11
CVE-2024-8639 [HIGH] CWE-416: Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd