Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2023-5478 | MEDIUM | CVSS 4.3 | fixed in 118.0.5993.70 | ≥ 118.0.5993.70, < 118.0.5993.70 | 2023-10-11
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-5483 | MEDIUM | CVSS 6.5 | fixed in 118.0.5993.70 | ≥ 118.0.5993.70, < 118.0.5993.70 | 2023-10-11
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-5477 | MEDIUM | CVSS 4.3 | fixed in 118.0.5993.70 | ≥ 118.0.5993.70, < 118.0.5993.70 | 2023-10-11
Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)
nvd
CVE-2023-5481 | MEDIUM | CVSS 6.5 | fixed in 118.0.5993.70 | ≥ 118.0.5993.70, < 118.0.5993.70 | 2023-10-11
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-5346 | HIGH | CVSS 8.8 | CWE-843 | fixed in 117.0.5938.149 | ≥ 117.0.5938.149, < 117.0.5938.149 | 2023-10-05
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5186 | HIGH | CVSS 8.8 | CWE-416 | fixed in 117.0.5938.132 | ≥ 117.0.5938.132, < 117.0.5938.132 | 2023-09-28
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
nvd
CVE-2023-5187 | HIGH | CVSS 8.8 | CWE-416 | fixed in 117.0.5938.132 | ≥ 117.0.5938.132, < 117.0.5938.132 | 2023-09-28
Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5217 | HIGH | CVSS 8.8 | KEV | CWE-787 | fixed in 117.0.5938.132 | ≥ 117.0.5938.132, < 117.0.5938.132 | 2023-09-28
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4863 | HIGH | CVSS 8.8 | KEV | CWE-787 | fixed in 116.0.5845.187 | ≥ 116.0.5845.187, < 116.0.5845.187 | 2023-09-12
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2023-4901 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4902 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4905 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4900 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4908 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-4906 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-4909 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-4904 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)
nvd
CVE-2023-4903 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4907 | MEDIUM | CVSS 4.3 | fixed in 117.0.5938.62 | ≥ 117.0.5938.62, < 117.0.5938.62 | 2023-09-12
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-4762 | HIGH | CVSS 8.8 | KEV | CWE-843 | fixed in 116.0.5845.179 | ≥ 116.0.5845.179, < 116.0.5845.179 | 2023-09-05
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd