Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs

3,975

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11

Vulnerabilities

Page 32 of 199

CVE-2024-3515MEDIUMCVSS 6.5fixed in 123.0.6312.122≥ 123.0.6312.122, < 123.0.6312.1222024-04-10

CVE-2024-3515 [MEDIUM] CWE-416 CVE-2024-3515: Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potenti Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-3516MEDIUMCVSS 6.5fixed in 123.0.6312.122≥ 123.0.6312.122, < 123.0.6312.1222024-04-10

CVE-2024-3516 [MEDIUM] CWE-787 CVE-2024-3516: Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-3158HIGHCVSS 8.8fixed in 123.0.6312.105≥ 123.0.6312.105, < 123.0.6312.1052024-04-06

CVE-2024-3158 [HIGH] CWE-416 CVE-2024-3158: Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to po Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-3156HIGHCVSS 8.8fixed in 123.0.6312.105≥ 123.0.6312.105, < 123.0.6312.1052024-04-06

CVE-2024-3156 [HIGH] CWE-125 CVE-2024-3156: Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacke Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-3159HIGHCVSS 8.8fixed in 123.0.6312.105≥ 123.0.6312.105, < 123.0.6312.1052024-04-06

CVE-2024-3159 [HIGH] CWE-119 CVE-2024-3159: Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2887HIGHCVSS 7.7fixed in 123.0.6312.86≥ 123.0.6312.86, < 123.0.6312.862024-03-26

CVE-2024-2887 [HIGH] CWE-843 CVE-2024-2887: Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to e Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2885HIGHCVSS 8.8fixed in 123.0.6312.86≥ 123.0.6312.86, < 123.0.6312.862024-03-26

CVE-2024-2885 [HIGH] CWE-416 CVE-2024-2885: Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentia Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2883HIGHCVSS 8.8fixed in 123.0.6312.86≥ 123.0.6312.86, < 123.0.6312.862024-03-26

CVE-2024-2883 [HIGH] CWE-416 CVE-2024-2883: Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potenti Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

nvd

CVE-2024-2886HIGHCVSS 7.5fixed in 123.0.6312.86≥ 123.0.6312.86, < 123.0.6312.862024-03-26

CVE-2024-2886 [HIGH] CWE-416 CVE-2024-2886: Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to per Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2625HIGHCVSS 8.8fixed in 123.0.6312.58≥ 123.0.6312.58, < 123.0.6312.582024-03-20

CVE-2024-2625 [HIGH] CVE-2024-2625: Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to po Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2627HIGHCVSS 8.8fixed in 123.0.6312.58≥ 123.0.6312.58, < 123.0.6312.582024-03-20

CVE-2024-2627 [HIGH] CWE-416 CVE-2024-2627: Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potent Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-2626MEDIUMCVSS 6.5fixed in 123.0.6312.58≥ 123.0.6312.58, < 123.0.6312.582024-03-20

CVE-2024-2626 [MEDIUM] CWE-125 CVE-2024-2626: Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-2630MEDIUMCVSS 6.5fixed in 123.0.6312.58≥ 123.0.6312.58, < 123.0.6312.582024-03-20

CVE-2024-2630 [MEDIUM] CWE-79 CVE-2024-2630: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacke Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-2628MEDIUMCVSS 4.3fixed in 123.0.6312.58≥ 123.0.6312.58, < 123.0.6312.582024-03-20

CVE-2024-2628 [MEDIUM] CWE-474 CVE-2024-2628: Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote a Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)

nvd

CVE-2024-2631MEDIUMCVSS 4.3fixed in 123.0.6312.58≥ 123.0.6312.58, < 123.0.6312.582024-03-20

CVE-2024-2631 [MEDIUM] CWE-451 CVE-2024-2631: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacke Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2024-2629MEDIUMCVSS 4.3fixed in 123.0.6312.58≥ 123.0.6312.58, < 123.0.6312.582024-03-20

CVE-2024-2629 [MEDIUM] CVE-2024-2629: Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to pe Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-2400HIGHCVSS 8.8fixed in 122.0.6261.128≥ 122.0.6261.128, < 122.0.6261.1282024-03-13

CVE-2024-2400 [HIGH] CWE-416 CVE-2024-2400: Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote atta Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2176HIGHCVSS 8.8fixed in 122.0.6261.111≥ 122.0.6261.111, < 122.0.6261.1112024-03-06

CVE-2024-2176 [HIGH] CWE-416 CVE-2024-2176: Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potent Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2173HIGHCVSS 8.8fixed in 122.0.6261.111≥ 122.0.6261.111, < 122.0.6261.1112024-03-06

CVE-2024-2173 [HIGH] CWE-787 CVE-2024-2173: Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-2174HIGHCVSS 8.8fixed in 122.0.6261.111≥ 122.0.6261.111, < 122.0.6261.1112024-03-06

CVE-2024-2174 [HIGH] CWE-787 CVE-2024-2174: Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacke Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

← Previous32 / 199Next →