Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs

3,975

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11

Vulnerabilities

Page 44 of 199

CVE-2023-2725HIGHCVSS 8.8fixed in 113.0.5672.126≥ 113.0.5672.126, < 113.0.5672.1262023-05-16

CVE-2023-2725 [HIGH] CWE-416 CVE-2023-2725: Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convin Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2721HIGHCVSS 8.8fixed in 113.0.5672.126≥ 113.0.5672.126, < 113.0.5672.1262023-05-16

CVE-2023-2721 [HIGH] CWE-416 CVE-2023-2721: Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to p Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

nvd

CVE-2023-2458HIGHCVSS 8.8fixed in 113.0.5672.114≥ 113.0.5672.114, < 113.0.5672.1142023-05-12

CVE-2023-2458 [HIGH] CWE-416 CVE-2023-2458: Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a rem Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

nvd

CVE-2023-2457HIGHCVSS 8.8fixed in 113.0.5672.114≥ 113.0.5672.114, < 113.0.5672.1142023-05-12

CVE-2023-2457 [HIGH] CWE-787 CVE-2023-2457: Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 al Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)

nvd

CVE-2023-2461HIGHCVSS 8.8fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2461 [HIGH] CWE-416 CVE-2023-2461: Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote att Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

nvd

CVE-2023-2460HIGHCVSS 7.1fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2460 [HIGH] CVE-2023-2460: Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 all Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2464MEDIUMCVSS 4.3fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2464 [MEDIUM] CVE-2023-2464: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2463MEDIUMCVSS 4.3fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2463 [MEDIUM] CVE-2023-2463: Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2467MEDIUMCVSS 4.3fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2467 [MEDIUM] CVE-2023-2467: Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2023-2462MEDIUMCVSS 4.3fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2462 [MEDIUM] CVE-2023-2462: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2466MEDIUMCVSS 4.3fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2466 [MEDIUM] CVE-2023-2466: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2023-2459MEDIUMCVSS 6.5fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2459 [MEDIUM] CVE-2023-2459: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote att Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2465MEDIUMCVSS 4.3fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2465 [MEDIUM] CVE-2023-2465: Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attack Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2468MEDIUMCVSS 4.3fixed in 113.0.5672.63≥ 113.0.5672.63, < 113.0.5672.632023-05-03

CVE-2023-2468 [MEDIUM] CVE-2023-2468: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a r Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2023-2136CRITICALCVSS 9.6KEVfixed in 112.0.5615.137≥ 112.0.5615.137, < 112.0.5615.1372023-04-19

CVE-2023-2136 [CRITICAL] CWE-190 CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2134HIGHCVSS 8.8fixed in 112.0.5615.137≥ 112.0.5615.137, < 112.0.5615.1372023-04-19

CVE-2023-2134 [HIGH] CWE-787 CVE-2023-2134: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2137HIGHCVSS 8.8fixed in 112.0.5615.137≥ 112.0.5615.137, < 112.0.5615.1372023-04-19

CVE-2023-2137 [HIGH] CWE-787 CVE-2023-2137: Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2023-2135HIGHCVSS 7.5fixed in 112.0.5615.137≥ 112.0.5615.137, < 112.0.5615.1372023-04-19

CVE-2023-2135 [HIGH] CWE-416 CVE-2023-2135: Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who co Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2133HIGHCVSS 8.8fixed in 112.0.5615.137≥ 112.0.5615.137, < 112.0.5615.1372023-04-19

CVE-2023-2133 [HIGH] CWE-787 CVE-2023-2133: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2023-2033HIGHCVSS 8.8KEVfixed in 112.0.5615.121≥ 112.0.5615.121, < 112.0.5615.1212023-04-14

CVE-2023-2033 [HIGH] CWE-843 CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potential Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

nvd

← Previous44 / 199Next →