Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 41 of 199
CVE-2022-4924 | CRITICAL | CVSS 9.6 | fixed in 97.0.4692.71 | ≥ 97.0.4692.71, < 97.0.4692.71 | 2023-07-29
CWE-416: Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2022-4920 | CRITICAL | CVSS 9.6 | fixed in 101.0.4951.41 | ≥ 101.0.4951.41, < 101.0.4951.41 | 2023-07-29
CWE-787: Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2021-4322 | HIGH | CVSS 8.8 | fixed in 91.0.4472.77 | ≥ 91.0.4472.77, < 91.0.4472.77 | 2023-07-29
CWE-416: Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
Source: nvd
CVE-2022-4921 | HIGH | CVSS 8.8 | fixed in 99.0.4844.51 | ≥ 99.0.4844.51, < 99.0.4844.51 | 2023-07-29
CWE-416: Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Source: nvd
CVE-2021-4318 | HIGH | CVSS 8.8 | fixed in 94.0.4606.54 | ≥ 94.0.4606.54, < 94.0.4606.54 | 2023-07-29
Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2022-4906 | HIGH | CVSS 8.8 | fixed in 108.0.5359.71 | ≥ 108.0.5359.71, < 108.0.5359.71 | 2023-07-29
Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2023-2313 | HIGH | CVSS 8.8 | fixed in 112.0.5615.49 | ≥ 112.0.5615.49, < 112.0.5615.49 | 2023-07-29
Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)
Source: nvd
CVE-2022-4912 | HIGH | CVSS 8.8 | fixed in 105.0.5195.52 | ≥ 105.0.5195.52, < 105.0.5195.52 | 2023-07-29
CWE-843: Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2022-4907 | HIGH | CVSS 8.8 | fixed in 108.0.5359.71 | ≥ 108.0.5359.71, < 108.0.5359.71 | 2023-07-29
Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source: nvd
CVE-2022-4914 | HIGH | CVSS 8.8 | fixed in 104.0.5112.79 | ≥ 104.0.5112.79, < 104.0.5112.79 | 2023-07-29
CWE-787: Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Source: nvd
CVE-2021-4320 | HIGH | CVSS 8.8 | fixed in 92.0.4515.107 | ≥ 92.0.4515.107, < 92.0.4515.107 | 2023-07-29
CWE-416: Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2021-4317 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ 96.0.4664.93, < 96.0.4664.93 | 2023-07-29
CWE-416: Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2022-4916 | HIGH | CVSS 8.8 | fixed in 103.0.5060.53 | ≥ 103.0.5060.53, < 103.0.5060.53 | 2023-07-29
CWE-416: Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2022-4918 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ 102.0.5005.61, < 102.0.5005.61 | 2023-07-29
CWE-416: Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
Source: nvd
CVE-2022-4919 | HIGH | CVSS 8.8 | fixed in 101.0.4951.41 | ≥ 101.0.4951.41, < 101.0.4951.41 | 2023-07-29
CWE-416: Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2021-4319 | HIGH | CVSS 8.8 | fixed in 93.0.4577.82 | ≥ 93.0.4577.82, < 93.0.4577.82 | 2023-07-29
CWE-416: Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2023-2314 | MEDIUM | CVSS 6.5 | fixed in 111.0.5563.64 | ≥ 111.0.5563.64, < 111.0.5563.64 | 2023-07-29
CWE-345: Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Source: nvd
CVE-2022-4910 | MEDIUM | CVSS 5.4 | fixed in 107.0.5304.62 | ≥ 107.0.5304.62, < 107.0.5304.62 | 2023-07-29
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Source: nvd
CVE-2022-4925 | MEDIUM | CVSS 6.5 | fixed in 97.0.4692.71 | ≥ 97.0.4692.71, < 97.0.4692.71 | 2023-07-29
CWE-20: Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)
Source: nvd
CVE-2021-4316 | MEDIUM | CVSS 4.3 | fixed in 96.0.4664.45 | ≥ 96.0.4664.45, < 96.0.4664.45 | 2023-07-29
Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)
Source: nvd