Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 47 of 199
CVE-2023-1230 | MEDIUM | CVSS 4.3 | fixed in 111.0.5563.64 | ≥ 111.0.5563.64, < 111.0.5563.64 | 2023-03-07
CVE-2023-1230 [MEDIUM]: Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1217 | MEDIUM | CVSS 6.5 | fixed in 111.0.5563.64 | ≥ 111.0.5563.64, < 111.0.5563.64 | 2023-03-07
CVE-2023-1217 [MEDIUM] CWE-787: Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1235 | MEDIUM | CVSS 6.3 | fixed in 111.0.5563.64 | ≥ 111.0.5563.64, < 111.0.5563.64 | 2023-03-07
CVE-2023-1235 [MEDIUM] CWE-843: Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
nvd
CVE-2023-1228 | MEDIUM | CVSS 4.3 | fixed in 111.0.5563.64 | ≥ 111.0.5563.64, < 111.0.5563.64 | 2023-03-07
CVE-2023-1228 [MEDIUM]: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-1232 | MEDIUM | CVSS 4.3 | fixed in 111.0.5563.64 | ≥ 111.0.5563.64, < 111.0.5563.64 | 2023-03-07
CVE-2023-1232 [MEDIUM]: Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-0932 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0932 [HIGH] CWE-416: Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0931 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0931 [HIGH] CWE-416: Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0933 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0933 [HIGH] CWE-190: Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
nvd
CVE-2023-0930 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0930 [HIGH] CWE-787: Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0927 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0927 [HIGH] CWE-416: Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0928 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0928 [HIGH] CWE-416: Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0941 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0941 [HIGH] CWE-416: Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2023-0929 | HIGH | CVSS 8.8 | fixed in 110.0.5481.177 | ≥ 110.0.5481.177, < 110.0.5481.177 | 2023-02-22
CVE-2023-0929 [HIGH] CWE-416: Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0702 | HIGH | CVSS 8.8 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0702 [HIGH] CWE-843: Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0705 | HIGH | CVSS 7.5 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0705 [HIGH] CWE-190: Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-0698 | HIGH | CVSS 8.8 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0698 [HIGH] CWE-125: Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0699 | HIGH | CVSS 8.8 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0699 [HIGH] CWE-416: Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)
nvd
CVE-2023-0696 | HIGH | CVSS 8.8 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0696 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0703 | HIGH | CVSS 8.8 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0703 [HIGH] CWE-843: Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
nvd
CVE-2023-0701 | HIGH | CVSS 8.8 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0701 [HIGH] CWE-787: Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
nvd