Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2023-6703 | HIGH | CVSS 8.8 | fixed in 120.0.6099.109 | ≥ 120.0.6099.109, < 120.0.6099.109 | 2023-12-14
CWE-416: Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6702 | HIGH | CVSS 8.8 | fixed in 120.0.6099.109 | ≥ 120.0.6099.109, < 120.0.6099.109 | 2023-12-14
CWE-843: Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6508 | HIGH | CVSS 8.8 | fixed in 120.0.6099.62 | ≥ 120.0.6099.62, < 120.0.6099.62 | 2023-12-06
CWE-416: Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6510 | HIGH | CVSS 8.8 | fixed in 120.0.6099.62 | ≥ 120.0.6099.62, < 120.0.6099.62 | 2023-12-06
CWE-416: Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
nvd
CVE-2023-6509 | HIGH | CVSS 8.8 | fixed in 120.0.6099.62 | ≥ 120.0.6099.62, < 120.0.6099.62 | 2023-12-06
CWE-416: Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)
nvd
CVE-2023-6512 | MEDIUM | CVSS 6.5 | fixed in 120.0.6099.62 | ≥ 120.0.6099.62, < 120.0.6099.62 | 2023-12-06
CWE-838: Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-6511 | MEDIUM | CVSS 4.3 | fixed in 120.0.6099.62 | ≥ 120.0.6099.62, < 120.0.6099.62 | 2023-12-06
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-6345 | CRITICAL | CVSS 9.6 | KEV | fixed in 119.0.6045.199 | ≥ 119.0.6045.199, < 119.0.6045.199 | 2023-11-29
CWE-190: Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
nvd
CVE-2023-6348 | HIGH | CVSS 8.8 | fixed in 119.0.6045.199 | ≥ 119.0.6045.199, < 119.0.6045.199 | 2023-11-29
CWE-843: Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6350 | HIGH | CVSS 8.8 | fixed in 119.0.6045.199 | ≥ 119.0.6045.199, < 119.0.6045.199 | 2023-11-29
CWE-416: Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
nvd
CVE-2023-6346 | HIGH | CVSS 8.8 | fixed in 119.0.6045.199 | ≥ 119.0.6045.199, < 119.0.6045.199 | 2023-11-29
CWE-416: Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6347 | HIGH | CVSS 8.8 | fixed in 119.0.6045.199 | ≥ 119.0.6045.199, < 119.0.6045.199 | 2023-11-29
CWE-416: Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6351 | HIGH | CVSS 8.8 | fixed in 119.0.6045.199 | ≥ 119.0.6045.199, < 119.0.6045.199 | 2023-11-29
CWE-416: Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
nvd
CVE-2023-5997 | HIGH | CVSS 8.8 | fixed in 119.0.6045.159 | ≥ 119.0.6045.159, < 119.0.6045.159 | 2023-11-15
CWE-416: Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6112 | HIGH | CVSS 8.8 | fixed in 119.0.6045.159 | ≥ 119.0.6045.159, < 119.0.6045.159 | 2023-11-15
CWE-416: Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5996 | HIGH | CVSS 8.8 | fixed in 119.0.6045.123 | ≥ 119.0.6045.123, < 119.0.6045.123 | 2023-11-08
CWE-416: Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5482 | HIGH | CVSS 8.8 | fixed in 119.0.6045.105 | ≥ 119.0.6045.105, < 119.0.6045.105 | 2023-11-01
CWE-345: Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5849 | HIGH | CVSS 8.8 | fixed in 119.0.6045.105 | ≥ 119.0.6045.105, < 119.0.6045.105 | 2023-11-01
CWE-190: Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5857 | HIGH | CVSS 8.8 | fixed in 119.0.6045.105 | ≥ 119.0.6045.105, < 119.0.6045.105 | 2023-11-01
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
nvd
CVE-2023-5856 | HIGH | CVSS 8.8 | fixed in 119.0.6045.105 | ≥ 119.0.6045.105, < 119.0.6045.105 | 2023-11-01
CWE-416: Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd