Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 58 of 199
CVE-2022-1865HIGHCVSS 8.8fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1865 [HIGH] CWE-416 CVE-2022-1865: Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convince
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
nvd
CVE-2022-1870HIGHCVSS 8.8fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1870 [HIGH] CWE-416 CVE-2022-1870: Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convin
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2022-1857HIGHCVSS 8.8fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1857 [HIGH] CVE-2022-1857: Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
nvd
CVE-2022-1856HIGHCVSS 8.8fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1856 [HIGH] CWE-416 CVE-2022-1856: Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who con
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.
nvd
CVE-2022-1854HIGHCVSS 8.8fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1854 [HIGH] CWE-416 CVE-2022-1854: Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potenti
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1863HIGHCVSS 8.8fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1863 [HIGH] CWE-416 CVE-2022-1863: Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinc
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
nvd
CVE-2022-1869MEDIUMCVSS 6.5fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1869 [MEDIUM] CWE-843 CVE-2022-1869: Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentiall
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1872MEDIUMCVSS 4.3fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1872 [MEDIUM] CVE-2022-1872: Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an
Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
nvd
CVE-2022-1862MEDIUMCVSS 6.5fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1862 [MEDIUM] CVE-2022-1862: Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attack
Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.
nvd
CVE-2022-1858MEDIUMCVSS 6.5fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1858 [MEDIUM] CWE-125 CVE-2022-1858: Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to
Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.
nvd
CVE-2022-1873MEDIUMCVSS 6.5fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1873 [MEDIUM] CWE-668 CVE-2022-1873: Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote att
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-1875MEDIUMCVSS 4.3fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1875 [MEDIUM] CWE-668 CVE-2022-1875: Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacke
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-1867MEDIUMCVSS 6.5fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1867 [MEDIUM] CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61
Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.
nvd
CVE-2022-1871MEDIUMCVSS 4.3fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1871 [MEDIUM] CVE-2022-1871: Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.
nvd
CVE-2022-1868MEDIUMCVSS 6.5fixed in 102.0.5005.61≥ unspecified, < 102.0.5005.612022-07-27
CVE-2022-1868 [MEDIUM] CVE-2022-1868: Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an at
Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2022-1634HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1634 [HIGH] CWE-416 CVE-2022-1634: Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who h
Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions.
nvd
CVE-2022-1484HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1484 [HIGH] CWE-787 CVE-2022-1484: Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote att
Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1638HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1638 [HIGH] CWE-787 CVE-2022-1638: Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a re
Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1486HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1486 [HIGH] CWE-843 CVE-2022-1486: Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain pot
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2022-1489HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1489 [HIGH] CWE-787 CVE-2022-1489: Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41
Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
nvd