Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 26 of 199
CVE-2024-7976MEDIUMCVSS 4.3fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7976 [MEDIUM] CWE-79 CVE-2024-7976: Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attac
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-8034MEDIUMCVSS 4.3fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-8034 [MEDIUM] CVE-2024-8034: Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allow
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2024-7978MEDIUMCVSS 4.3fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7978 [MEDIUM] CWE-346 CVE-2024-7978: Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a r
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7981MEDIUMCVSS 4.3fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-7981 [MEDIUM] CWE-290 CVE-2024-7981: Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attac
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2024-8033MEDIUMCVSS 4.3fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-8033 [MEDIUM] CVE-2024-8033: Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 a
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2024-8035MEDIUMCVSS 4.3fixed in 128.0.6613.84≥ 128.0.6613.84, < 128.0.6613.842024-08-21
CVE-2024-8035 [MEDIUM] CWE-79 CVE-2024-8035: Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowe
Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2024-6998HIGHCVSS 8.8fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-6998 [HIGH] CWE-416 CVE-2024-6998: Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker w
Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-6988HIGHCVSS 8.8fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-6988 [HIGH] CWE-416 CVE-2024-6988: Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker
Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6994HIGHCVSS 8.8fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-6994 [HIGH] CWE-122 CVE-2024-6994: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7532HIGHCVSS 8.8fixed in 127.0.6533.99≥ 127.0.6533.99, < 127.0.6533.992024-08-06
CVE-2024-7532 [HIGH] CWE-787 CVE-2024-7532: Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attack
Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5nvd
CVE-2024-7536HIGHCVSS 8.8fixed in 127.0.6533.99≥ 127.0.6533.99, < 127.0.6533.992024-08-06
CVE-2024-7536 [HIGH] CWE-416 CVE-2024-7536: Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to pote
Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6991HIGHCVSS 8.8fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-6991 [HIGH] CWE-416 CVE-2024-6991: Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentia
Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7550HIGHCVSS 8.8fixed in 127.0.6533.99≥ 127.0.6533.99, < 127.0.6533.992024-08-06
CVE-2024-7550 [HIGH] CWE-843 CVE-2024-7550: Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6997HIGHCVSS 8.8fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-6997 [HIGH] CWE-416 CVE-2024-6997: Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinc
Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-7000HIGHCVSS 8.8fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-7000 [HIGH] CWE-416 CVE-2024-7000: Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convince
Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-6989HIGHCVSS 8.8fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-6989 [HIGH] CWE-416 CVE-2024-6989: Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potent
Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7533HIGHCVSS 8.8fixed in 127.0.6533.99≥ 127.0.6533.99, < 127.0.6533.992024-08-06
CVE-2024-7533 [HIGH] CWE-416 CVE-2024-7533: Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker t
Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7535HIGHCVSS 8.8fixed in 127.0.6533.99≥ 127.0.6533.99, < 127.0.6533.992024-08-06
CVE-2024-7535 [HIGH] CWE-787 CVE-2024-7535: Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-7534HIGHCVSS 8.8fixed in 127.0.6533.99≥ 127.0.6533.99, < 127.0.6533.992024-08-06
CVE-2024-7534 [HIGH] CWE-122 CVE-2024-7534: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6995MEDIUMCVSS 4.7fixed in 127.0.6533.72≥ 127.0.6533.72, < 127.0.6533.722024-08-06
CVE-2024-6995 [MEDIUM] CWE-358 CVE-2024-6995: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowe
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd