Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 297 | HIGH 2024 | MEDIUM 1626 | LOW 17 | UNKNOWN 11
Vulnerabilities
CVE-2023-4073 | HIGH | CVSS 8.8 | CWE-119 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4076 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)
nvd
CVE-2023-4077 | HIGH | CVSS 8.8 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
nvd
CVE-2023-4070 | HIGH | CVSS 8.1 | CWE-843 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4078 | HIGH | CVSS 8.8 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
nvd
CVE-2023-4072 | HIGH | CVSS 8.8 | CWE-125 | fixed in 115.0.5790.170 | ≥ 115.0.5790.170, < 115.0.5790.170 | 2023-08-03
Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3731 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.131 | ≥ 115.0.5790.131, < 115.0.5790.131 | 2023-08-01
Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
nvd
CVE-2023-3732 | HIGH | CVSS 8.8 | CWE-787 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3727 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3728 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3730 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3729 | HIGH | CVSS 8.8 | CWE-416 | fixed in 115.0.5790.98 | ≥ 115.0.5790.131, < 115.0.5790.131 | 2023-08-01
Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)
nvd
CVE-2023-3735 | MEDIUM | CVSS 4.3 | CWE-838 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-3733 | MEDIUM | CVSS 4.3 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-3736 | MEDIUM | CVSS 4.3 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-3737 | MEDIUM | CVSS 4.3 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-3738 | MEDIUM | CVSS 4.3 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-3739 | MEDIUM | CVSS 6.3 | CWE-77 | fixed in 115.0.5790.131 | ≥ 115.0.5790.131, < 115.0.5790.131 | 2023-08-01
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
nvd
CVE-2023-3740 | MEDIUM | CVSS 4.3 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)
nvd
CVE-2023-3734 | MEDIUM | CVSS 4.3 | fixed in 115.0.5790.98 | ≥ 115.0.5790.98, < 115.0.5790.98 | 2023-08-01
Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
nvd