Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2022-1497 | MEDIUM | CVSS 6.5 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-346: Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.
nvd
CVE-2022-1492 | MEDIUM | CVSS 6.1 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-79: Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.
nvd
CVE-2022-1499 | MEDIUM | CVSS 6.3 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-863: Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2022-1637 | MEDIUM | CVSS 4.3 | fixed in 101.0.4951.64 | ≥ unspecified, < 101.0.4951.64 | 2022-07-26
CWE-668: Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-1500 | MEDIUM | CVSS 6.5 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-20: Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2022-1495 | MEDIUM | CVSS 4.3 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-290: Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.
nvd
CVE-2022-1498 | MEDIUM | CVSS 4.3 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-668: Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-1482 | MEDIUM | CVSS 6.5 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-787: Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1501 | MEDIUM | CVSS 6.5 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-26
CWE-668: Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-1312 | CRITICAL | CVSS 9.6 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-416: Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2022-1309 | CRITICAL | CVSS 9.6 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-863: Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2022-1305 | HIGH | CVSS 8.8 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-416: Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1308 | HIGH | CVSS 8.8 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-416: Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1310 | HIGH | CVSS 8.8 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-416: Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1232 | HIGH | CVSS 8.8 | fixed in 100.0.4896.75 | ≥ unspecified, < 100.0.4896.75 | 2022-07-25
CWE-843: Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1311 | HIGH | CVSS 8.8 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-416: Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1313 | HIGH | CVSS 8.8 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-416: Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1314 | HIGH | CVSS 8.8 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-843: Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-1307 | MEDIUM | CVSS 4.3 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-290: Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-1306 | MEDIUM | CVSS 4.3 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-25
CWE-290: Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd