Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2023-0704 | MEDIUM | CVSS 6.5 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0704 [MEDIUM] CWE-602: Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-0700 | MEDIUM | CVSS 6.5 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0700 [MEDIUM] CWE-451: Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0697 | MEDIUM | CVSS 6.5 | fixed in 110.0.5481.77 | ≥ unspecified, < 110.0.5481.77 | 2023-02-07
CVE-2023-0697 [MEDIUM]: Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0471 | HIGH | CVSS 8.8 | fixed in 109.0.5414.119 | ≥ unspecified, < 109.0.5414.119 | 2023-01-30
CVE-2023-0471 [HIGH] CWE-416: Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0473 | HIGH | CVSS 8.8 | fixed in 109.0.5414.119 | ≥ unspecified, < 109.0.5414.119 | 2023-01-30
CVE-2023-0473 [HIGH] CWE-843: Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0472 | HIGH | CVSS 8.8 | fixed in 109.0.5414.119 | ≥ unspecified, < 109.0.5414.119 | 2023-01-30
CVE-2023-0472 [HIGH] CWE-416: Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0474 | HIGH | CVSS 8.8 | fixed in 109.0.5414.119 | ≥ unspecified, < 109.0.5414.119 | 2023-01-30
CVE-2023-0474 [HIGH] CWE-416: Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
nvd
CVE-2023-0138 | HIGH | CVSS 8.8 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0138 [HIGH] CWE-787: Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-0134 | HIGH | CVSS 8.8 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0134 [HIGH] CWE-416: Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0136 | HIGH | CVSS 8.8 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0136 [HIGH]: Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0128 | HIGH | CVSS 8.8 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0128 [HIGH] CWE-416: Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-0137 | HIGH | CVSS 8.8 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0137 [HIGH] CWE-787: Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0129 | HIGH | CVSS 8.8 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0129 [HIGH] CWE-787: Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
nvd
CVE-2023-0135 | HIGH | CVSS 8.8 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0135 [HIGH] CWE-416: Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0133 | MEDIUM | CVSS 6.5 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0133 [MEDIUM] CWE-863: Inappropriate implementation in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0131 | MEDIUM | CVSS 6.5 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0131 [MEDIUM] CWE-693: Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0139 | MEDIUM | CVSS 6.5 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0139 [MEDIUM] CWE-20: Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2023-0132 | MEDIUM | CVSS 6.5 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0132 [MEDIUM] CWE-346: Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0130 | MEDIUM | CVSS 6.5 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0130 [MEDIUM] CWE-451: Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-0141 | MEDIUM | CVSS 4.3 | fixed in 109.0.5414.74 | ≥ unspecified, < 109.0.5414.74 | 2023-01-10
CVE-2023-0141 [MEDIUM] CWE-693: Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
nvd