Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 34 of 199
CVE-2024-0804 | HIGH | CVSS 7.5 | fixed in 121.0.6167.85 | ≥ 121.0.6167.85, < 121.0.6167.85 | 2024-01-24
CVE-2024-0804 [HIGH] CWE-693: Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2024-0809 | MEDIUM | CVSS 4.3 | fixed in 121.0.6167.85 | ≥ 121.0.6167.85, < 121.0.6167.85 | 2024-01-24
CVE-2024-0809 [MEDIUM] CWE-693: Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2024-0811 | MEDIUM | CVSS 4.3 | fixed in 121.0.6167.85 | ≥ 121.0.6167.85, < 121.0.6167.85 | 2024-01-24
CVE-2024-0811 [MEDIUM]: Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
nvd
CVE-2024-0805 | MEDIUM | CVSS 4.3 | fixed in 121.0.6167.85 | ≥ 121.0.6167.85, < 121.0.6167.85 | 2024-01-24
CVE-2024-0805 [MEDIUM] CWE-451: Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
nvd
CVE-2024-0814 | MEDIUM | CVSS 6.5 | fixed in 121.0.6167.85 | ≥ 121.0.6167.85, < 121.0.6167.85 | 2024-01-24
CVE-2024-0814 [MEDIUM] CWE-346: Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2024-0810 | MEDIUM | CVSS 4.3 | fixed in 121.0.6167.85 | ≥ 121.0.6167.85, < 121.0.6167.85 | 2024-01-24
CVE-2024-0810 [MEDIUM] CWE-284: Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)
nvd
CVE-2024-0519 | HIGH | CVSS 8.8 | KEV | fixed in 120.0.6099.224 | ≥ 120.0.6099.224, < 120.0.6099.224 | 2024-01-16
CVE-2024-0519 [HIGH] CWE-787: Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0518 | HIGH | CVSS 8.8 | fixed in 120.0.6099.224 | ≥ 120.0.6099.224, < 120.0.6099.224 | 2024-01-16
CVE-2024-0518 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0517 | HIGH | CVSS 8.8 | fixed in 120.0.6099.224 | ≥ 120.0.6099.224, < 120.0.6099.224 | 2024-01-16
CVE-2024-0517 [HIGH] CWE-787: Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0333 | MEDIUM | CVSS 5.3 | fixed in 120.0.6099.216 | ≥ 120.0.6099.216, < 120.0.6099.216 | 2024-01-10
CVE-2024-0333 [MEDIUM]: Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0225 | HIGH | CVSS 8.8 | fixed in 120.0.6099.199 | ≥ 120.0.6099.199, < 120.0.6099.199 | 2024-01-04
CVE-2024-0225 [HIGH] CWE-416: Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0222 | HIGH | CVSS 8.8 | fixed in 120.0.6099.199 | ≥ 120.0.6099.199, < 120.0.6099.199 | 2024-01-04
CVE-2024-0222 [HIGH] CWE-416: Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0223 | HIGH | CVSS 8.8 | fixed in 120.0.6099.199 | ≥ 120.0.6099.199, < 120.0.6099.199 | 2024-01-04
CVE-2024-0223 [HIGH] CWE-787: Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0224 | HIGH | CVSS 8.8 | fixed in 120.0.6099.199 | ≥ 120.0.6099.199, < 120.0.6099.199 | 2024-01-04
CVE-2024-0224 [HIGH] CWE-416: Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-7024 | HIGH | CVSS 8.8 | KEV | fixed in 120.0.6099.129 | ≥ 120.0.6099.129, < 120.0.6099.129 | 2023-12-21
CVE-2023-7024 [HIGH] CWE-787: Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3742 | MEDIUM | CVSS 6.8 | fixed in 114.0.5735.90 | ≥ 114.0.5735.90, < 114.0.5735.90 | 2023-12-20
CVE-2023-3742 [MEDIUM]: Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)
nvd
CVE-2023-6706 | HIGH | CVSS 8.8 | fixed in 120.0.6099.109 | ≥ 120.0.6099.109, < 120.0.6099.109 | 2023-12-14
CVE-2023-6706 [HIGH] CWE-416: Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6707 | HIGH | CVSS 8.8 | fixed in 120.0.6099.109 | ≥ 120.0.6099.109, < 120.0.6099.109 | 2023-12-14
CVE-2023-6707 [HIGH] CWE-416: Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-6704 | HIGH | CVSS 8.8 | fixed in 120.0.6099.109 | ≥ 120.0.6099.109, < 120.0.6099.109 | 2023-12-14
CVE-2023-6704 [HIGH] CWE-416: Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
nvd
CVE-2023-6705 | HIGH | CVSS 8.8 | fixed in 120.0.6099.109 | ≥ 120.0.6099.109, < 120.0.6099.109 | 2023-12-14
CVE-2023-6705 [HIGH] CWE-416: Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd