Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 59 of 199
CVE-2022-1487HIGHCVSS 7.5fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1487 [HIGH] CWE-416 CVE-2022-1487: Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potenti
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.
nvd
CVE-2022-1636HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1636 [HIGH] CWE-416 CVE-2022-1636: Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker
Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1491HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1491 [HIGH] CWE-416 CVE-2022-1491: Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to pot
Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
nvd
CVE-2022-1364HIGHCVSS 8.8KEVfixed in 100.0.4896.127≥ unspecified, < 100.0.4896.1272022-07-26
CVE-2022-1364 [HIGH] CWE-843 CVE-2022-1364: Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1641HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1641 [HIGH] CWE-416 CVE-2022-1641: Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a
Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction.
nvd
CVE-2022-1496HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1496 [HIGH] CWE-416 CVE-2022-1496: Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to
Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
nvd
CVE-2022-1478HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1478 [HIGH] CWE-416 CVE-2022-1478: Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to p
Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1639HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1639 [HIGH] CWE-416 CVE-2022-1639: Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potenti
Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1635HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1635 [HIGH] CWE-416 CVE-2022-1635: Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attack
Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
nvd
CVE-2022-1485HIGHCVSS 7.5fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1485 [HIGH] CWE-416 CVE-2022-1485: Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1490HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1490 [HIGH] CWE-416 CVE-2022-1490: Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker
Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1477HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1477 [HIGH] CWE-416 CVE-2022-1477: Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potent
Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1493HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1493 [HIGH] CWE-416 CVE-2022-1493: Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to pot
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
nvd
CVE-2022-1633HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1633 [HIGH] CWE-416 CVE-2022-1633: Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote a
Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
nvd
CVE-2022-1481HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1481 [HIGH] CWE-416 CVE-2022-1481: Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker w
Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1640HIGHCVSS 8.8fixed in 101.0.4951.64≥ unspecified, < 101.0.4951.642022-07-26
CVE-2022-1640 [HIGH] CWE-416 CVE-2022-1640: Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who conv
Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1479HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1479 [HIGH] CWE-416 CVE-2022-1479: Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potenti
Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1483HIGHCVSS 8.8fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1483 [HIGH] CWE-787 CVE-2022-1483: Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who
Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1494MEDIUMCVSS 6.1fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1494 [MEDIUM] CWE-79 CVE-2022-1494: Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remo
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.
nvd
CVE-2022-1488MEDIUMCVSS 4.3fixed in 101.0.4951.41≥ unspecified, < 101.0.4951.412022-07-26
CVE-2022-1488 [MEDIUM] CWE-668 CVE-2022-1488: Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an at
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
nvd