Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2

Vulnerabilities

Page 27 of 199
CVE-2024-7003 | MEDIUM | CVSS 4.3 | fixed in 127.0.6533.72 | ≥ 127.0.6533.72, < 127.0.6533.72 | 2024-08-06
CVE-2024-7003 [MEDIUM] CWE-358: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-7004 | MEDIUM | CVSS 4.3 | fixed in 127.0.6533.72 | ≥ 127.0.6533.72, < 127.0.6533.72 | 2024-08-06
CVE-2024-7004 [MEDIUM] CWE-20: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-7001 | MEDIUM | CVSS 4.3 | fixed in 127.0.6533.72 | ≥ 127.0.6533.72, < 127.0.6533.72 | 2024-08-06
CVE-2024-7001 [MEDIUM] CWE-474: Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-6999 | MEDIUM | CVSS 4.3 | fixed in 127.0.6533.72 | ≥ 127.0.6533.72, < 127.0.6533.72 | 2024-08-06
CVE-2024-6999 [MEDIUM] CWE-451: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-7005 | MEDIUM | CVSS 4.3 | fixed in 127.0.6533.72 | ≥ 127.0.6533.72, < 127.0.6533.72 | 2024-08-06
CVE-2024-7005 [MEDIUM] CWE-20: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
Sources: cvelistv5, nvd
CVE-2024-6996 | LOW | CVSS 3.1 | fixed in 127.0.6533.72 | ≥ 127.0.6533.72, < 127.0.6533.72 | 2024-08-06
CVE-2024-6996 [LOW] CWE-362: Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-7256 | HIGH | CVSS 8.8 | fixed in 127.0.6533.88 | ≥ 127.0.6533.88, < 127.0.6533.88 | 2024-08-01
CVE-2024-7256 [HIGH] CWE-345: Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-7255 | HIGH | CVSS 8.8 | fixed in 127.0.6533.88 | ≥ 127.0.6533.88, < 127.0.6533.88 | 2024-08-01
CVE-2024-7255 [HIGH] CWE-125: Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-6990 | HIGH | CVSS 8.8 | fixed in 127.0.6533.88 | ≥ 127.0.6533.88, < 127.0.6533.88 | 2024-08-01
CVE-2024-6990 [HIGH] CWE-457: Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Sources: cvelistv5, nvd
CVE-2023-7012 | CRITICAL | CVSS 9.6 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2024-07-16
CVE-2023-7012 [CRITICAL] CWE-20: Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-6779 | CRITICAL | CVSS 9.6 | fixed in 126.0.6478.182 | ≥ 126.0.6478.182, < 126.0.6478.182 | 2024-07-16
CVE-2024-6779 [CRITICAL] CWE-787: Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2023-4860 | CRITICAL | CVSS 9.6 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2024-07-16
CVE-2023-4860 [CRITICAL] CWE-303: Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2019-25154 | CRITICAL | CVSS 9.6 | fixed in 77.0.3865.75 | ≥ 77.0.3865.75, < 77.0.3865.75 | 2024-07-16
CVE-2019-25154 [CRITICAL]: Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-3171 | HIGH | CVSS 8.8 | fixed in 122.0.6261.57 | ≥ 122.0.6261.57, < 122.0.6261.57 | 2024-07-16
CVE-2024-3171 [HIGH] CWE-416: Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Sources: cvelistv5, nvd
CVE-2024-3169 | HIGH | CVSS 8.8 | fixed in 121.0.6167.139 | ≥ 121.0.6167.139, < 121.0.6167.139 | 2024-07-16
CVE-2024-3169 [HIGH] CWE-416: Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-3170 | HIGH | CVSS 8.8 | fixed in 121.0.6167.85 | ≥ 121.0.6167.85, < 121.0.6167.85 | 2024-07-16
CVE-2024-3170 [HIGH] CWE-416: Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-6776 | HIGH | CVSS 8.8 | fixed in 126.0.6478.182 | ≥ 126.0.6478.182, < 126.0.6478.182 | 2024-07-16
CVE-2024-6776 [HIGH] CWE-416: Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-6775 | HIGH | CVSS 8.8 | fixed in 126.0.6478.182 | ≥ 126.0.6478.182, < 126.0.6478.182 | 2024-07-16
CVE-2024-6775 [HIGH] CWE-416: Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-6772 | HIGH | CVSS 8.8 | fixed in 126.0.6478.182 | ≥ 126.0.6478.182, < 126.0.6478.182 | 2024-07-16
CVE-2024-6772 [HIGH] CWE-787: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd
CVE-2024-3176 | HIGH | CVSS 8.8 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2024-07-16
CVE-2024-3176 [HIGH] CWE-787: Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Sources: cvelistv5, nvd