Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs

3,975

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11

Vulnerabilities

Page 30 of 199

CVE-2024-5843MEDIUMCVSS 6.5fixed in 126.0.6478.54≥ 126.0.6478.54, < 126.0.6478.542024-06-11

CVE-2024-5843 [MEDIUM] CWE-843 CVE-2024-5843: Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote a Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

nvd

CVE-2024-5496HIGHCVSS 8.8fixed in 125.0.6422.141≥ 125.0.6422.141, < 125.0.6422.1412024-05-30

CVE-2024-5496 [HIGH] CWE-416 CVE-2024-5496: Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker t Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5494HIGHCVSS 8.8fixed in 125.0.6422.141≥ 125.0.6422.141, < 125.0.6422.1412024-05-30

CVE-2024-5494 [HIGH] CWE-416 CVE-2024-5494: Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potenti Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5495HIGHCVSS 8.8fixed in 125.0.6422.141≥ 125.0.6422.141, < 125.0.6422.1412024-05-30

CVE-2024-5495 [HIGH] CWE-416 CVE-2024-5495: Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potenti Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5493HIGHCVSS 8.8fixed in 125.0.6422.141≥ 125.0.6422.141, < 125.0.6422.1412024-05-30

CVE-2024-5493 [HIGH] CWE-787 CVE-2024-5493: Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5499HIGHCVSS 8.8fixed in 125.0.6422.141≥ 125.0.6422.141, < 125.0.6422.1412024-05-30

CVE-2024-5499 [HIGH] CWE-787 CVE-2024-5499: Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacke Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5497HIGHCVSS 8.8fixed in 125.0.6422.141≥ 125.0.6422.141, < 125.0.6422.1412024-05-30

CVE-2024-5497 [HIGH] CWE-787 CVE-2024-5497: Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5274CRITICALCVSS 9.6KEVfixed in 125.0.6422.112≥ 125.0.6422.112, < 125.0.6422.1122024-05-28

CVE-2024-5274 [CRITICAL] CWE-843 CVE-2024-5274: Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute a Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5157HIGHCVSS 8.8fixed in 125.0.6422.76≥ 125.0.6422.76, < 125.0.6422.762024-05-22

CVE-2024-5157 [HIGH] CWE-416 CVE-2024-5157: Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to ex Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5158HIGHCVSS 8.1fixed in 125.0.6422.76≥ 125.0.6422.76, < 125.0.6422.762024-05-22

CVE-2024-5158 [HIGH] CWE-843 CVE-2024-5158: Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentiall Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5159HIGHCVSS 8.8fixed in 125.0.6422.76≥ 125.0.6422.76, < 125.0.6422.762024-05-22

CVE-2024-5159 [HIGH] CWE-125 CVE-2024-5159: Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to p Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-5160HIGHCVSS 8.8fixed in 125.0.6422.76≥ 125.0.6422.76, < 125.0.6422.762024-05-22

CVE-2024-5160 [HIGH] CWE-787 CVE-2024-5160: Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to pe Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-4947CRITICALCVSS 9.6KEVfixed in 125.0.6422.60≥ 125.0.6422.60, < 125.0.6422.602024-05-15

CVE-2024-4947 [CRITICAL] CWE-843 CVE-2024-4947: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute ar Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-4948MEDIUMCVSS 6.5fixed in 125.0.6422.60≥ 125.0.6422.60, < 125.0.6422.602024-05-15

CVE-2024-4948 [MEDIUM] CWE-416 CVE-2024-4948: Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentia Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-4949MEDIUMCVSS 6.5fixed in 125.0.6422.60≥ 125.0.6422.60, < 125.0.6422.602024-05-15

CVE-2024-4949 [MEDIUM] CWE-416 CVE-2024-4949: Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentiall Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-4950MEDIUMCVSS 6.5fixed in 125.0.6422.60≥ 125.0.6422.60, < 125.0.6422.602024-05-15

CVE-2024-4950 [MEDIUM] CWE-1021 CVE-2024-4950: Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote a Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2024-4671CRITICALCVSS 9.6KEVfixed in 124.0.6367.201≥ 124.0.6367.201, < 124.0.6367.2012024-05-14

CVE-2024-4671 [CRITICAL] CWE-416 CVE-2024-4671: Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-4761HIGHCVSS 8.8KEVfixed in 124.0.6367.207≥ 124.0.6367.207, < 124.0.6367.2072024-05-14

CVE-2024-4761 [HIGH] CWE-787 CVE-2024-4761: Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perf Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-4558CRITICALCVSS 9.6fixed in 124.0.6367.155≥ 124.0.6367.155, < 124.0.6367.1552024-05-07

CVE-2024-4558 [CRITICAL] CWE-416 CVE-2024-4558: Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potent Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-4559MEDIUMCVSS 6.5fixed in 124.0.6367.155≥ 124.0.6367.155, < 124.0.6367.1552024-05-07

CVE-2024-4559 [MEDIUM] CWE-787 CVE-2024-4559: Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

← Previous30 / 199Next →