Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 51 of 199
CVE-2022-3890CRITICALCVSS 9.6fixed in 107.0.5304.106≥ unspecified, < 107.0.5304.1062022-11-09
CVE-2022-3890 [CRITICAL] CWE-787 CVE-2022-3890: Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remot
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3446HIGHCVSS 8.8fixed in 106.0.5249.119≥ unspecified, < 106.0.5249.1192022-11-09
CVE-2022-3446 [HIGH] CWE-787 CVE-2022-3446: Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to
Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3448HIGHCVSS 8.8fixed in 106.0.5249.119≥ unspecified, < 106.0.5249.1192022-11-09
CVE-2022-3448 [HIGH] CWE-416 CVE-2022-3448: Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker
Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3887HIGHCVSS 8.8fixed in 107.0.5304.106≥ unspecified, < 107.0.5304.1062022-11-09
CVE-2022-3887 [HIGH] CWE-416 CVE-2022-3887: Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3885HIGHCVSS 8.8fixed in 107.0.5304.106≥ unspecified, < 107.0.5304.1062022-11-09
CVE-2022-3885 [HIGH] CWE-416 CVE-2022-3885: Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potential
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3889HIGHCVSS 8.8fixed in 107.0.5304.106≥ unspecified, < 107.0.5304.1062022-11-09
CVE-2022-3889 [HIGH] CWE-843 CVE-2022-3889: Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potential
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3449HIGHCVSS 8.8fixed in 106.0.5249.119≥ unspecified, < 106.0.5249.1192022-11-09
CVE-2022-3449 [HIGH] CWE-416 CVE-2022-3449: Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who con
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
nvd
CVE-2022-3888HIGHCVSS 8.8fixed in 107.0.5304.106≥ unspecified, < 107.0.5304.1062022-11-09
CVE-2022-3888 [HIGH] CWE-416 CVE-2022-3888: Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to po
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3445HIGHCVSS 8.8fixed in 106.0.5249.119≥ unspecified, < 106.0.5249.1192022-11-09
CVE-2022-3445 [HIGH] CWE-416 CVE-2022-3445: Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potenti
Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3450HIGHCVSS 8.8fixed in 106.0.5249.119≥ unspecified, < 106.0.5249.1192022-11-09
CVE-2022-3450 [HIGH] CWE-416 CVE-2022-3450: Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker
Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3886HIGHCVSS 8.8fixed in 107.0.5304.106≥ unspecified, < 107.0.5304.1062022-11-09
CVE-2022-3886 [HIGH] CWE-416 CVE-2022-3886: Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attac
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3447MEDIUMCVSS 4.3fixed in 106.0.5249.119≥ unspecified, < 106.0.5249.1192022-11-09
CVE-2022-3447 [MEDIUM] CWE-125 CVE-2022-3447: Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allo
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3308HIGHCVSS 7.4fixed in 106.0.5249.62≥ unspecified, < 106.0.5249.622022-11-01
CVE-2022-3308 [HIGH] CWE-602 CVE-2022-3308: Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-3657HIGHCVSS 8.8fixed in 107.0.5304.62≥ unspecified, < 107.0.5304.622022-11-01
CVE-2022-3657 [HIGH] CWE-416 CVE-2022-3657: Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinc
Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
nvd
CVE-2022-3655HIGHCVSS 8.8fixed in 107.0.5304.62≥ unspecified, < 107.0.5304.622022-11-01
CVE-2022-3655 [HIGH] CWE-787 CVE-2022-3655: Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-3306HIGHCVSS 8.8fixed in 106.0.5249.62≥ unspecified, < 106.0.5249.622022-11-01
CVE-2022-3306 [HIGH] CWE-416 CVE-2022-3306: Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attack
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3315HIGHCVSS 8.8fixed in 106.0.5249.62≥ unspecified, < 106.0.5249.622022-11-01
CVE-2022-3315 [HIGH] CWE-843 CVE-2022-3315: Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potenti
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2022-3304HIGHCVSS 8.8fixed in 106.0.5249.62≥ unspecified, < 106.0.5249.622022-11-01
CVE-2022-3304 [HIGH] CWE-416 CVE-2022-3304: Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potential
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3307HIGHCVSS 8.8fixed in 106.0.5249.62≥ unspecified, < 106.0.5249.622022-11-01
CVE-2022-3307 [HIGH] CWE-362 CVE-2022-3307: Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potenti
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3373HIGHCVSS 8.8fixed in 106.0.5249.91≥ unspecified, < 106.0.5249.912022-11-01
CVE-2022-3373 [HIGH] CWE-787 CVE-2022-3373: Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perfo
Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
nvd