Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2022-3370 | HIGH | CVSS 8.8 | CWE-416 | fixed in 106.0.5249.91 | ≥ unspecified, < 106.0.5249.91 | 2022-11-01
Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3652 | HIGH | CVSS 8.8 | CWE-843 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3305 | HIGH | CVSS 8.8 | CWE-416 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3653 | HIGH | CVSS 8.8 | CWE-787 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3723 | HIGH | CVSS 8.8 | KEV | CWE-843 | fixed in 107.0.5304.87 | ≥ unspecified, < 107.0.5304.87 | 2022-11-01
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3658 | HIGH | CVSS 8.8 | CWE-416 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
nvd
CVE-2022-3659 | HIGH | CVSS 8.8 | CWE-416 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: Medium)
nvd
CVE-2022-3654 | HIGH | CVSS 8.8 | CWE-416 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3656 | HIGH | CVSS 8.8 | CWE-20 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-3443 | MEDIUM | CVSS 4.3 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2022-3309 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium)
nvd
CVE-2022-3312 | MEDIUM | CVSS 4.6 | CWE-306 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)
nvd
CVE-2022-3660 | MEDIUM | CVSS 4.3 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-3310 | MEDIUM | CVSS 6.5 | CWE-602 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)
nvd
CVE-2022-3316 | MEDIUM | CVSS 4.3 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2022-3317 | MEDIUM | CVSS 4.3 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2022-3314 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-3318 | MEDIUM | CVSS 4.3 | CWE-404 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low)
nvd
CVE-2022-3311 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 106.0.5249.62 | ≥ unspecified, < 106.0.5249.62 | 2022-11-01
Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-3661 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 107.0.5304.62 | ≥ unspecified, < 107.0.5304.62 | 2022-11-01
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low)
nvd