Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs

3,975

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11

Vulnerabilities

Page 33 of 199

CVE-2024-1938HIGHCVSS 8.8fixed in 122.0.6261.94≥ 122.0.6261.94, < 122.0.6261.942024-02-29

CVE-2024-1938 [HIGH] CWE-843 CVE-2024-1938: Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentiall Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-1939HIGHCVSS 8.8fixed in 122.0.6261.94≥ 122.0.6261.94, < 122.0.6261.942024-02-29

CVE-2024-1939 [HIGH] CWE-843 CVE-2024-1939: Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentiall Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-1670HIGHCVSS 8.8fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1670 [HIGH] CWE-416 CVE-2024-1670: Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentia Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-1675HIGHCVSS 8.8fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1675 [HIGH] CWE-284 CVE-2024-1675: Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-1674HIGHCVSS 8.8fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1674 [HIGH] CVE-2024-1674: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-1669HIGHCVSS 8.8fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1669 [HIGH] CWE-787 CVE-2024-1669: Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attack Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-1673HIGHCVSS 8.8fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1673 [HIGH] CWE-416 CVE-2024-1673: Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker wh Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

nvd

CVE-2024-1672MEDIUMCVSS 5.4fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1672 [MEDIUM] CWE-474 CVE-2024-1672: Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allo Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-1671MEDIUMCVSS 6.5fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1671 [MEDIUM] CWE-693 CVE-2024-1671: Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a rem Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2024-1676MEDIUMCVSS 5.4fixed in 122.0.6261.57≥ 122.0.6261.57, < 122.0.6261.572024-02-21

CVE-2024-1676 [MEDIUM] CWE-79 CVE-2024-1676: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2024-1283CRITICALCVSS 9.8fixed in 121.0.6167.160≥ 121.0.6167.160, < 121.0.6167.1602024-02-07

CVE-2024-1283 [CRITICAL] CWE-787 CVE-2024-1283: Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to p Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-1284CRITICALCVSS 9.8fixed in 121.0.6167.160≥ 121.0.6167.160, < 121.0.6167.1602024-02-07

CVE-2024-1284 [CRITICAL] CWE-416 CVE-2024-1284: Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potenti Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-1077HIGHCVSS 8.8fixed in 121.0.6167.139≥ 121.0.6167.139, < 121.0.6167.1392024-01-30

CVE-2024-1077 [HIGH] CWE-416 CVE-2024-1077: Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to pote Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

nvd

CVE-2024-1060HIGHCVSS 8.8fixed in 121.0.6167.139≥ 121.0.6167.139, < 121.0.6167.1392024-01-30

CVE-2024-1060 [HIGH] CWE-416 CVE-2024-1060: Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to poten Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-1059HIGHCVSS 8.8fixed in 121.0.6167.139≥ 121.0.6167.139, < 121.0.6167.1392024-01-30

CVE-2024-1059 [HIGH] CWE-416 CVE-2024-1059: Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-0808CRITICALCVSS 9.8fixed in 121.0.6167.85≥ 121.0.6167.85, < 121.0.6167.852024-01-24

CVE-2024-0808 [CRITICAL] CWE-191 CVE-2024-0808: Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to pote Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

nvd

CVE-2024-0813HIGHCVSS 8.8fixed in 121.0.6167.85≥ 121.0.6167.85, < 121.0.6167.852024-01-24

CVE-2024-0813 [HIGH] CWE-416 CVE-2024-0813: Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convi Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

nvd

CVE-2024-0807HIGHCVSS 8.8fixed in 121.0.6167.85≥ 121.0.6167.85, < 121.0.6167.852024-01-24

CVE-2024-0807 [HIGH] CWE-416 CVE-2024-0807: Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to pot Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-0812HIGHCVSS 8.8fixed in 121.0.6167.85≥ 121.0.6167.85, < 121.0.6167.852024-01-24

CVE-2024-0812 [HIGH] CVE-2024-0812: Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remo Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2024-0806HIGHCVSS 8.8fixed in 121.0.6167.85≥ 121.0.6167.85, < 121.0.6167.852024-01-24

CVE-2024-0806 [HIGH] CWE-416 CVE-2024-0806: Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to pot Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

nvd

← Previous33 / 199Next →