Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 43 of 199
CVE-2023-3214HIGHCVSS 8.8fixed in 114.0.5735.133≥ 114.0.5735.133, < 114.0.5735.1332023-06-13
CVE-2023-3214 [HIGH] CWE-416 CVE-2023-3214: Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attack
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2023-3215HIGHCVSS 8.8fixed in 114.0.5735.133≥ 114.0.5735.133, < 114.0.5735.1332023-06-13
CVE-2023-3215 [HIGH] CWE-416 CVE-2023-3215: Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to poten
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3079HIGHCVSS 8.8KEVfixed in 114.0.5735.110≥ 114.0.5735.110, < 114.0.5735.1102023-06-05
CVE-2023-3079 [HIGH] CWE-843 CVE-2023-3079: Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potential
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2935HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2935 [HIGH] CWE-843 CVE-2023-2935: Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2933HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2933 [HIGH] CWE-416 CVE-2023-2933: Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potential
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2023-2930HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2930 [HIGH] CWE-416 CVE-2023-2930: Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinc
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2932HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2932 [HIGH] CWE-416 CVE-2023-2932: Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potential
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2023-2929HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2929 [HIGH] CWE-787 CVE-2023-2929: Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker
Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2936HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2936 [HIGH] CWE-843 CVE-2023-2936: Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2934HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2934 [HIGH] CWE-787 CVE-2023-2934: Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacke
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2931HIGHCVSS 8.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2931 [HIGH] CWE-416 CVE-2023-2931: Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potential
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2023-2939HIGHCVSS 7.8fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2939 [HIGH] CWE-59 CVE-2023-2939: Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
nvd
CVE-2023-2941MEDIUMCVSS 4.3fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2941 [MEDIUM] CWE-451 CVE-2023-2941: Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an at
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
nvd
CVE-2023-2937MEDIUMCVSS 4.3fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2937 [MEDIUM] CWE-451 CVE-2023-2937: Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-2940MEDIUMCVSS 6.5fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2940 [MEDIUM] CWE-284 CVE-2023-2940: Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacke
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-2938MEDIUMCVSS 4.3fixed in 114.0.5735.90≥ 114.0.5735.90, < 114.0.5735.902023-05-30
CVE-2023-2938 [MEDIUM] CWE-451 CVE-2023-2938: Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-2724HIGHCVSS 8.8fixed in 113.0.5672.126≥ 113.0.5672.126, < 113.0.5672.1262023-05-16
CVE-2023-2724 [HIGH] CWE-843 CVE-2023-2724: Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potential
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2722HIGHCVSS 8.8fixed in 113.0.5672.126≥ 113.0.5672.126, < 113.0.5672.1262023-05-16
CVE-2023-2722 [HIGH] CWE-416 CVE-2023-2722: Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote a
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2726HIGHCVSS 8.8fixed in 113.0.5672.126≥ 113.0.5672.126, < 113.0.5672.1262023-05-16
CVE-2023-2726 [HIGH] CVE-2023-2726: Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-2723HIGHCVSS 8.8fixed in 113.0.5672.126≥ 113.0.5672.126, < 113.0.5672.1262023-05-16
CVE-2023-2723 [HIGH] CWE-416 CVE-2023-2723: Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who ha
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd