Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 29 of 199
CVE-2024-6100HIGHCVSS 8.8fixed in 126.0.6478.114≥ 126.0.6478.114, < 126.0.6478.1142024-06-20
CVE-2024-6100 [HIGH] CWE-843 CVE-2024-6100: Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute a
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-6103HIGHCVSS 8.8fixed in 126.0.6478.114≥ 126.0.6478.114, < 126.0.6478.1142024-06-20
CVE-2024-6103 [HIGH] CWE-416 CVE-2024-6103: Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potenti
Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-6101HIGHCVSS 8.8fixed in 126.0.6478.114≥ 126.0.6478.114, < 126.0.6478.1142024-06-20
CVE-2024-6101 [HIGH] CWE-358 CVE-2024-6101: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacke
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5847HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5847 [HIGH] CWE-416 CVE-2024-5847: Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potent
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
nvd
CVE-2024-5846HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5846 [HIGH] CWE-416 CVE-2024-5846: Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potent
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
nvd
CVE-2024-5833HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5833 [HIGH] CWE-843 CVE-2024-5833: Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5841HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5841 [HIGH] CWE-416 CVE-2024-5841: Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentiall
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2024-5844HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5844 [HIGH] CWE-787 CVE-2024-5844: Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2024-5838HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5838 [HIGH] CWE-843 CVE-2024-5838: Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform ou
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5832HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5832 [HIGH] CWE-416 CVE-2024-5832: Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentia
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5834HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5834 [HIGH] CWE-94 CVE-2024-5834: Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attack
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5835HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5835 [HIGH] CWE-787 CVE-2024-5835: Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5830HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5830 [HIGH] CWE-843 CVE-2024-5830: Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5837HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5837 [HIGH] CWE-843 CVE-2024-5837: Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5845HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5845 [HIGH] CWE-416 CVE-2024-5845: Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potenti
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
nvd
CVE-2024-5831HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5831 [HIGH] CWE-416 CVE-2024-5831: Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentia
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-5842HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5842 [HIGH] CWE-416 CVE-2024-5842: Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who c
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2024-5836HIGHCVSS 8.8fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5836 [HIGH] CWE-474 CVE-2024-5836: Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
nvd
CVE-2024-5839MEDIUMCVSS 6.5fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5839 [MEDIUM] CWE-474 CVE-2024-5839: Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a r
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2024-5840MEDIUMCVSS 6.5fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11
CVE-2024-5840 [MEDIUM] CWE-284 CVE-2024-5840: Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass di
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
nvd