Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 45 of 199
CVE-2023-1820HIGHCVSS 8.8fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1820 [HIGH] CWE-787 CVE-2023-1820: Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote att
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1812HIGHCVSS 8.8fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1812 [HIGH] CWE-787 CVE-2023-1812: Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1810HIGHCVSS 8.8fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1810 [HIGH] CWE-787 CVE-2023-1810: Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker wh
Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1811HIGHCVSS 8.8fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1811 [HIGH] CWE-416 CVE-2023-1811: Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convi
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1815HIGHCVSS 8.8fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1815 [HIGH] CWE-416 CVE-2023-1815: Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker
Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1818HIGHCVSS 8.8fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1818 [HIGH] CWE-416 CVE-2023-1818: Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potent
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1814MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1814 [MEDIUM] CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1813MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1813 [MEDIUM] CVE-2023-1813: Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attack
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1816MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1816 [MEDIUM] CVE-2023-1816: Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1822MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1822 [MEDIUM] CVE-2023-1822: Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacke
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-1819MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1819 [MEDIUM] CWE-125 CVE-2023-1819: Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacke
Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1823MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1823 [MEDIUM] CVE-2023-1823: Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attac
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-1821MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1821 [MEDIUM] CVE-2023-1821: Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote at
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-1817MEDIUMCVSS 6.5fixed in 112.0.5615.49≥ 112.0.5615.49, < 112.0.5615.492023-04-04
CVE-2023-1817 [MEDIUM] CVE-2023-1817: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowe
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1529CRITICALCVSS 9.8fixed in 111.0.5563.110≥ 111.0.5563.110, < 111.0.5563.1102023-03-21
CVE-2023-1529 [CRITICAL] CWE-787 CVE-2023-1529: Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote atta
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
nvd
CVE-2023-1533HIGHCVSS 8.8fixed in 111.0.5563.110≥ 111.0.5563.110, < 111.0.5563.1102023-03-21
CVE-2023-1533 [HIGH] CWE-416 CVE-2023-1533: Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to p
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1531HIGHCVSS 8.8fixed in 111.0.5563.110≥ 111.0.5563.110, < 111.0.5563.1102023-03-21
CVE-2023-1531 [HIGH] CWE-416 CVE-2023-1531: Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potent
Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1528HIGHCVSS 8.8fixed in 111.0.5563.110≥ 111.0.5563.110, < 111.0.5563.1102023-03-21
CVE-2023-1528 [HIGH] CWE-416 CVE-2023-1528: Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who h
Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1530HIGHCVSS 8.8fixed in 111.0.5563.110≥ 111.0.5563.110, < 111.0.5563.1102023-03-21
CVE-2023-1530 [HIGH] CWE-416 CVE-2023-1530: Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentia
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1532HIGHCVSS 8.8fixed in 111.0.5563.110≥ 111.0.5563.110, < 111.0.5563.1102023-03-21
CVE-2023-1532 [HIGH] CWE-125 CVE-2023-1532: Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker t
Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd