Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 50 of 199
CVE-2022-4194HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4194 [HIGH] CWE-416 CVE-2022-4194: Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4176HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4176 [HIGH] CWE-787 CVE-2022-4176: Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)
nvd
CVE-2022-4191HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4191 [HIGH] CWE-416 CVE-2022-4191: Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who conv
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)
nvd
CVE-2022-4174HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4174 [HIGH] CWE-843 CVE-2022-4174: Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentiall
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-4177HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4177 [HIGH] CWE-416 CVE-2022-4177: Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinc
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
nvd
CVE-2022-4179HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4179 [HIGH] CWE-416 CVE-2022-4179: Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
nvd
CVE-2022-4192HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4192 [HIGH] CWE-416 CVE-2022-4192: Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
nvd
CVE-2022-4181HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4181 [HIGH] CWE-416 CVE-2022-4181: Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potenti
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-4180HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4180 [HIGH] CWE-416 CVE-2022-4180: Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a u
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
nvd
CVE-2022-4193HIGHCVSS 8.8fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4193 [HIGH] CVE-2022-4193: Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4182MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4182 [MEDIUM] CVE-2022-4182: Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remo
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4185MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4185 [MEDIUM] CVE-2022-4185: Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4184MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4184 [MEDIUM] CVE-2022-4184: Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4183MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4183 [MEDIUM] CVE-2022-4183: Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a r
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4188MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4188 [MEDIUM] CWE-74 CVE-2022-4188: Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.7
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4189MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4189 [MEDIUM] CVE-2022-4189: Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attac
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
nvd
CVE-2022-4187MEDIUMCVSS 6.5fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4187 [MEDIUM] CVE-2022-4187: Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allow
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4186MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4186 [MEDIUM] CWE-20 CVE-2022-4186: Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allo
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-4195MEDIUMCVSS 4.3fixed in 108.0.5359.71≥ unspecified, < 108.0.5359.712022-11-30
CVE-2022-4195 [MEDIUM] CVE-2022-4195: Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a r
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)
nvd
CVE-2022-4135CRITICALCVSS 9.6KEVfixed in 107.0.5304.121≥ unspecified, < 107.0.5304.1212022-11-25
CVE-2022-4135 [CRITICAL] CWE-787 CVE-2022-4135: Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who h
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd