Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 53 of 199
CVE-2022-3313MEDIUMCVSS 6.5fixed in 106.0.5249.62≥ unspecified, < 106.0.5249.622022-11-01
CVE-2022-3313 [MEDIUM] CWE-451 CVE-2022-3313: Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attack
Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2022-3444MEDIUMCVSS 4.3fixed in 106.0.5249.62≥ unspecified, < 106.0.5249.622022-11-01
CVE-2022-3444 [MEDIUM] CWE-20 CVE-2022-3444: Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a re
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)
nvd
CVE-2019-5797HIGHCVSS 7.5PoCfixed in 73.0.3683.75≥ unspecified, < 73.0.3683.752022-09-29
CVE-2019-5797 [HIGH] CWE-415 CVE-2019-5797: Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potent
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3075CRITICALCVSS 9.6KEVfixed in 105.0.5195.102≥ unspecified, < 105.0.5195.1022022-09-26
CVE-2022-3075 [CRITICAL] CWE-20 CVE-2022-3075: Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attac
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2022-3197HIGHCVSS 8.8fixed in 105.0.5195.125≥ unspecified, < 105.0.5195.1252022-09-26
CVE-2022-3197 [HIGH] CWE-416 CVE-2022-3197: Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentia
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2022-3055HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3055 [HIGH] CWE-416 CVE-2022-3055: Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who co
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2852HIGHCVSS 8.8fixed in 104.0.5112.101≥ unspecified, < 104.0.5112.1012022-09-26
CVE-2022-2852 [HIGH] CWE-416 CVE-2022-2852: Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potent
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3042HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3042 [HIGH] CWE-362 CVE-2022-3042: Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote att
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2858HIGHCVSS 8.8fixed in 104.0.5112.101≥ unspecified, < 104.0.5112.1012022-09-26
CVE-2022-2858 [HIGH] CWE-416 CVE-2022-2858: Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
nvd
CVE-2022-2854HIGHCVSS 8.8fixed in 104.0.5112.101≥ unspecified, < 104.0.5112.1012022-09-26
CVE-2022-2854 [HIGH] CWE-362 CVE-2022-2854: Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3038HIGHCVSS 8.8KEVfixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3038 [HIGH] CWE-416 CVE-2022-3038: Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3050HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3050 [HIGH] CWE-787 CVE-2022-3050: Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote
Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
nvd
CVE-2022-3199HIGHCVSS 8.8fixed in 105.0.5195.125≥ unspecified, < 105.0.5195.1252022-09-26
CVE-2022-3199 [HIGH] CWE-416 CVE-2022-3199: Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to poten
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3058HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3058 [HIGH] CWE-416 CVE-2022-3058: Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
nvd
CVE-2022-3040HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3040 [HIGH] CWE-787 CVE-2022-3040: Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potent
Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3046HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3046 [HIGH] CWE-416 CVE-2022-3046: Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convin
Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2855HIGHCVSS 8.8fixed in 104.0.5112.101≥ unspecified, < 104.0.5112.1012022-09-26
CVE-2022-2855 [HIGH] CWE-416 CVE-2022-2855: Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potent
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3043HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3043 [HIGH] CWE-787 CVE-2022-3043: Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed
Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2853HIGHCVSS 8.8fixed in 104.0.5112.101≥ unspecified, < 104.0.5112.1012022-09-26
CVE-2022-2853 [HIGH] CWE-787 CVE-2022-2853: Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remo
Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3052HIGHCVSS 8.8fixed in 105.0.5195.52≥ unspecified, < 105.0.5195.522022-09-26
CVE-2022-3052 [HIGH] CWE-787 CVE-2022-3052: Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
nvd