Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2022-3056 | MEDIUM | CVSS 6.5 | CWE-693 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2022-2856 | MEDIUM | CVSS 6.5 | KEV | CWE-20 | fixed in 104.0.5112.101 | fixed in 104.0.5112.102 | +1 more | 2022-09-26
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
nvd
CVE-2022-3054 | MEDIUM | CVSS 6.5 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-3057 | MEDIUM | CVSS 6.5 | CWE-352 | fixed in 105.0.5195.52 | ≥ unspecified, < 105.0.5195.52 | 2022-09-26
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-2587 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 102.0.5005.125 | ≥ unspecified, < 102.0.5005.125 | 2022-08-12
Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.
nvd
CVE-2022-2603 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2606 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2620 | HIGH | CVSS 8.8 | CWE-665 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2604 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2621 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2617 | HIGH | CVSS 8.8 | CWE-362 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2609 | HIGH | CVSS 8.8 | CWE-362 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2607 | HIGH | CVSS 8.8 | CWE-362 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2613 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2608 | HIGH | CVSS 8.8 | CWE-362 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2623 | HIGH | CVSS 8.8 | CWE-362 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2624 | HIGH | CVSS 8.8 | CWE-787 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2022-2614 | HIGH | CVSS 8.8 | CWE-416 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2610 | MEDIUM | CVSS 6.5 | CWE-668 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-2616 | MEDIUM | CVSS 6.5 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
nvd