Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
Page 39 of 199
CVE-2023-4353 | HIGH | CVSS 8.8 | CWE-787 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4358 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4368 | HIGH | CVSS 8.8 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4366 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4369 | HIGH | CVSS 8.8 | fixed in 116.0.5845.96 | ≥ 116.0.5845.120, < 116.0.5845.120 | 2023-08-15
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4356 | HIGH | CVSS 8.8 | CWE-416 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4364 | MEDIUM | CVSS 4.3 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4365 | MEDIUM | CVSS 4.3 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4350 | MEDIUM | CVSS 6.5 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4363 | MEDIUM | CVSS 4.3 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4360 | MEDIUM | CVSS 4.3 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4361 | MEDIUM | CVSS 5.3 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4367 | MEDIUM | CVSS 6.5 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4359 | MEDIUM | CVSS 5.3 | fixed in 116.0.5845.96 | ≥ 116.0.5845.96, < 116.0.5845.96 | 2023-08-15
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4955 | MEDIUM | CVSS 6.5 | fixed in 108.0.5359.71 | ≥ 108.0.5359.71, < 108.0.5359.71 | 2023-08-04
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-4071 | HIGH | CVSS 8.8 | CWE-787 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4075 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4069 | HIGH | CVSS 8.8 | CWE-843 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4068 | HIGH | CVSS 8.1 | CWE-843 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4074 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd