Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 25 of 199
CVE-2024-8638HIGHCVSS 8.8fixed in 128.0.6613.137≥ 128.0.6613.137, < 128.0.6613.1372024-09-11
CVE-2024-8638 [HIGH] CWE-843 CVE-2024-8638: Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potential
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-8362HIGHCVSS 8.8fixed in 128.0.6613.119≥ 128.0.6613.119, < 128.0.6613.1192024-09-03
CVE-2024-8362 [HIGH] CWE-416 CVE-2024-8362: Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to pot
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7970HIGHCVSS 8.8fixed in 128.0.6613.119≥ 128.0.6613.119, < 128.0.6613.1192024-09-03
CVE-2024-7970 [HIGH] CWE-787 CVE-2024-7970: Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to pote
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-8198HIGHCVSS 8.8fixed in 128.0.6613.113≥ 128.0.6613.113, < 128.0.6613.1132024-08-28
CVE-2024-8198 [HIGH] CWE-122 CVE-2024-8198: Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-8194HIGHCVSS 8.8fixed in 128.0.6613.113≥ 128.0.6613.113, < 128.0.6613.1132024-08-28
CVE-2024-8194 [HIGH] CWE-843 CVE-2024-8194: Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potential
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-8193HIGHCVSS 8.8fixed in 128.0.6613.113≥ 128.0.6613.113, < 128.0.6613.1132024-08-28
CVE-2024-8193 [HIGH] CWE-122 CVE-2024-8193: Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7971CRITICALCVSS 9.6KEVfixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7971 [CRITICAL] CWE-843 CVE-2024-7971: Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit he
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7967HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7967 [HIGH] CWE-122 CVE-2024-7967: Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to p
Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7972HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7972 [HIGH] CWE-119 CVE-2024-7972: Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7965HIGHCVSS 8.8KEVfixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7965 [HIGH] CWE-787 CVE-2024-7965: Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7964HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7964 [HIGH] CWE-416 CVE-2024-7964: Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote atta
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7979HIGHCVSS 7.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7979 [HIGH] CWE-345 CVE-2024-7979: Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7966HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7966 [HIGH] CWE-119 CVE-2024-7966: Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacke
Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7969HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.113, < 128.0.6613.1132024-08-21
CVE-2024-7969 [HIGH] CWE-843 CVE-2024-7969: Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potential
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7973HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7973 [HIGH] CWE-122 CVE-2024-7973: Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to
Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7968HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7968 [HIGH] CWE-416 CVE-2024-7968: Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had
Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7977HIGHCVSS 7.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7977 [HIGH] CWE-20 CVE-2024-7977: Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7980HIGHCVSS 7.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7980 [HIGH] CWE-345 CVE-2024-7980: Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7974HIGHCVSS 8.8fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7974 [HIGH] CWE-20 CVE-2024-7974: Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote atta
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7975MEDIUMCVSS 4.3fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7975 [MEDIUM] CVE-2024-7975: Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd