Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2023-4761 | HIGH | CVSS 8.1 | CWE-125 | fixed in 116.0.5845.179 | ≥ 116.0.5845.179, < 116.0.5845.179 | 2023-09-05
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4763 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.179 | ≥ 116.0.5845.179, < 116.0.5845.179 | 2023-09-05
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4764 | MEDIUM | CVSS 6.5 | fixed in 116.0.5845.179 | ≥ 116.0.5845.179, < 116.0.5845.179 | 2023-09-05
Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4572 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.140 | ≥ 116.0.5845.140, < 116.0.5845.140 | 2023-08-29
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2019-13690 | CRITICAL | CVSS 9.6 | CWE-269 | fixed in 75.0.3770.80 | ≥ 75.0.3770.80, < 75.0.3770.80 | 2023-08-25
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Source: NVD

CVE-2022-4452 | HIGH | CVSS 8.8 | fixed in 107.0.5304.62 | ≥ 107.0.5304.62, < 107.0.5304.62 | 2023-08-25
Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2019-13689 | HIGH | CVSS 7.8 | CWE-59 | fixed in 75.0.3770.80 | ≥ 75.0.3770.80, < 75.0.3770.80 | 2023-08-25
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)
Source: NVD

CVE-2023-4428 | HIGH | CVSS 8.1 | CWE-125 | fixed in 116.0.5845.110 | ≥ 116.0.5845.110, < 116.0.5845.110 | 2023-08-23
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4427 | HIGH | CVSS 8.1 | CWE-125 | fixed in 116.0.5845.110 | ≥ 116.0.5845.110, < 116.0.5845.110 | 2023-08-23
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4431 | HIGH | CVSS 8.1 | CWE-125 | fixed in 116.0.5845.110 | ≥ 116.0.5845.110, < 116.0.5845.110 | 2023-08-23
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Source: NVD

CVE-2023-4430 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.110 | ≥ 116.0.5845.110, < 116.0.5845.110 | 2023-08-23
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4429 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.110 | ≥ 116.0.5845.110, < 116.0.5845.110 | 2023-08-23
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4355 | HIGH | CVSS 8.8 | CWE-787 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4357 | HIGH | CVSS 8.8 | CWE-20 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Source: NVD

CVE-2023-4351 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4362 | HIGH | CVSS 8.8 | CWE-787 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Source: NVD

CVE-2023-4349 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4354 | HIGH | CVSS 8.8 | CWE-787 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-4352 | HIGH | CVSS 8.8 | CWE-843 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD

CVE-2023-2312 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: NVD