Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
Page 54 of 199
CVE-2022-2998 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.101 | ≥ unspecified, < 104.0.5112.101 | 2022-09-26
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2857 | HIGH | CVSS 8.8 | CWE-362 | fixed in 104.0.5112.101 | ≥ unspecified, < 104.0.5112.101 | 2022-09-26
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3200 | HIGH | CVSS 8.8 | CWE-787 | fixed in 105.0.5195.125 | ≥ unspecified, < 105.0.5195.125 | 2022-09-26
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3195 | HIGH | CVSS 8.8 | CWE-787 | fixed in 105.0.5195.125 | ≥ unspecified, < 105.0.5195.125 | 2022-09-26
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-2859 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.101 | ≥ unspecified, < 104.0.5112.101 | 2022-09-26
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-3045 | HIGH | CVSS 8.8 | CWE-787 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3071 | HIGH | CVSS 8.8 | CWE-362 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
nvd
CVE-2022-3198 | HIGH | CVSS 8.8 | CWE-416 | fixed in 105.0.5195.125 | ≥ unspecified, < 105.0.5195.125 | 2022-09-26
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2022-3196 | HIGH | CVSS 8.8 | CWE-416 | fixed in 105.0.5195.125 | ≥ unspecified, < 105.0.5195.125 | 2022-09-26
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2022-3039 | HIGH | CVSS 8.8 | CWE-416 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3041 | HIGH | CVSS 8.8 | CWE-416 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3051 | HIGH | CVSS 8.8 | CWE-787 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
nvd
CVE-2022-3049 | HIGH | CVSS 8.8 | CWE-362 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3053 | MEDIUM | CVSS 4.3 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.
nvd
CVE-2022-3047 | MEDIUM | CVSS 6.5 | CWE-602 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
nvd
CVE-2022-2860 | MEDIUM | CVSS 6.5 | fixed in 104.0.5112.101 | ≥ unspecified, < 104.0.5112.101 | 2022-09-26
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
nvd
CVE-2022-3201 | MEDIUM | CVSS 5.4 | CWE-20 | fixed in 105.0.5195.125 | ≥ unspecified, < 105.0.5195.125 | 2022-09-26
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-3048 | MEDIUM | CVSS 6.8 | CWE-863 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.
nvd
CVE-2022-2861 | MEDIUM | CVSS 6.5 | CWE-79 | fixed in 104.0.5112.101 | ≥ unspecified, < 104.0.5112.101 | 2022-09-26
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
nvd
CVE-2022-3044 | MEDIUM | CVSS 6.5 | CWE-693 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd