Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 28 of 199
CVE-2024-3172HIGHCVSS 8.8fixed in 121.0.6167.85≥ 121.0.6167.85, < 121.0.6167.852024-07-16
CVE-2024-3172 [HIGH] CWE-20 CVE-2024-3172: Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote at
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-3174HIGHCVSS 8.8fixed in 119.0.6045.105≥ 119.0.6045.105, < 119.0.6045.1052024-07-16
CVE-2024-3174 [HIGH] CWE-79 CVE-2024-3174: Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacke
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6774HIGHCVSS 8.8fixed in 126.0.6478.182≥ 126.0.6478.182, < 126.0.6478.1822024-07-16
CVE-2024-6774 [HIGH] CWE-416 CVE-2024-6774: Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker
Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6773HIGHCVSS 8.8fixed in 126.0.6478.182≥ 126.0.6478.182, < 126.0.6478.1822024-07-16
CVE-2024-6773 [HIGH] CWE-787 CVE-2024-6773: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacke
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2023-7010HIGHCVSS 8.8fixed in 117.0.5938.62≥ 117.0.5938.62, < 117.0.5938.622024-07-16
CVE-2023-7010 [HIGH] CWE-416 CVE-2023-7010: Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potent
Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-3173HIGHCVSS 8.8fixed in 120.0.6099.62≥ 120.0.6099.62, < 120.0.6099.622024-07-16
CVE-2024-3173 [HIGH] CWE-345 CVE-2024-3173: Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote att
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-3168HIGHCVSS 8.8fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-07-16
CVE-2024-3168 [HIGH] CWE-416 CVE-2024-3168: Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to pote
Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-6778HIGHCVSS 7.5fixed in 126.0.6478.182≥ 126.0.6478.182, < 126.0.6478.1822024-07-16
CVE-2024-6778 [HIGH] CWE-362 CVE-2024-6778: Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user t
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-2884MEDIUMCVSS 6.5fixed in 121.0.6167.139≥ 121.0.6167.139, < 121.0.6167.1392024-07-16
CVE-2024-2884 [MEDIUM] CWE-125 CVE-2024-2884: Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to poten
Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-6777MEDIUMCVSS 6.5fixed in 126.0.6478.182≥ 126.0.6478.182, < 126.0.6478.1822024-07-16
CVE-2024-6777 [MEDIUM] CWE-416 CVE-2024-6777: Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convin
Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
cvelistv5nvd
CVE-2023-7011MEDIUMCVSS 6.5fixed in 119.0.6045.105≥ 119.0.6045.105, < 119.0.6045.1052024-07-16
CVE-2023-7011 [MEDIUM] CWE-451 CVE-2023-7011: Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed
Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2023-7013MEDIUMCVSS 4.7fixed in 119.0.6045.105≥ 119.0.6045.105, < 119.0.6045.1052024-07-16
CVE-2023-7013 [MEDIUM] CWE-1021 CVE-2023-7013: Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remot
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-5500MEDIUMCVSS 6.5fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-07-16
CVE-2024-5500 [MEDIUM] CWE-358 CVE-2024-5500: Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attack
Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2020-36765MEDIUMCVSS 6.5fixed in 85.0.4183.83≥ 85.0.4183.83, < 85.0.4183.832024-07-16
CVE-2020-36765 [MEDIUM] CVE-2020-36765: Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remot
Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2024-3175MEDIUMCVSS 6.3fixed in 120.0.6099.62≥ 120.0.6099.62, < 120.0.6099.622024-07-16
CVE-2024-3175 [MEDIUM] CWE-1287 CVE-2024-3175: Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
cvelistv5nvd
CVE-2024-6293HIGHCVSS 8.8fixed in 126.0.6478.126≥ 126.0.6478.126, < 126.0.6478.1262024-06-24
CVE-2024-6293 [HIGH] CWE-416 CVE-2024-6293: Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potenti
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6291HIGHCVSS 8.8fixed in 126.0.6478.126≥ 126.0.6478.126, < 126.0.6478.1262024-06-24
CVE-2024-6291 [HIGH] CWE-416 CVE-2024-6291: Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6292HIGHCVSS 8.8fixed in 126.0.6478.126≥ 126.0.6478.126, < 126.0.6478.1262024-06-24
CVE-2024-6292 [HIGH] CWE-416 CVE-2024-6292: Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potenti
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6290HIGHCVSS 8.8fixed in 126.0.6478.126≥ 126.0.6478.126, < 126.0.6478.1262024-06-24
CVE-2024-6290 [HIGH] CWE-416 CVE-2024-6290: Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potenti
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2024-6102HIGHCVSS 8.8fixed in 126.0.6478.114≥ 126.0.6478.114, < 126.0.6478.1142024-06-20
CVE-2024-6102 [HIGH] CWE-787 CVE-2024-6102: Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attack
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd