Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 64 of 199
CVE-2022-0465HIGHCVSS 8.8fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0465 [HIGH] CWE-416 CVE-2022-0465: Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to pot
Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.
nvd
CVE-2022-0468HIGHCVSS 8.8fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0468 [HIGH] CWE-416 CVE-2022-0468: Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to poten
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0457HIGHCVSS 8.8fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0457 [HIGH] CWE-843 CVE-2022-0457: Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0460HIGHCVSS 8.8fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0460 [HIGH] CWE-416 CVE-2022-0460: Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker t
Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0793HIGHCVSS 8.8fixed in 99.0.4844.51≥ unspecified, < 99.0.4844.512022-04-05
CVE-2022-0793 [HIGH] CWE-416 CVE-2022-0793: Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a us
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2022-0608HIGHCVSS 8.8fixed in 98.0.4758.102≥ unspecified, < 98.0.4758.1022022-04-05
CVE-2022-0608 [HIGH] CWE-190 CVE-2022-0608: Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potent
Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0454HIGHCVSS 8.8fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0454 [HIGH] CWE-787 CVE-2022-0454: Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to po
Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0463HIGHCVSS 8.8fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0463 [HIGH] CWE-416 CVE-2022-0463: Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
nvd
CVE-2022-0607HIGHCVSS 8.8fixed in 98.0.4758.102≥ unspecified, < 98.0.4758.1022022-04-05
CVE-2022-0607 [HIGH] CWE-416 CVE-2022-0607: Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potential
Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0806MEDIUMCVSS 6.5fixed in 99.0.4844.51≥ unspecified, < 99.0.4844.512022-04-05
CVE-2022-0806 [MEDIUM] CWE-125 CVE-2022-0806: Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-0803MEDIUMCVSS 6.5fixed in 99.0.4844.51≥ unspecified, < 99.0.4844.512022-04-05
CVE-2022-0803 [MEDIUM] CVE-2022-0803: Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0792MEDIUMCVSS 6.5fixed in 99.0.4844.51≥ unspecified, < 99.0.4844.512022-04-05
CVE-2022-0792 [MEDIUM] CWE-125 CVE-2022-0792: Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to pote
Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0455MEDIUMCVSS 6.5fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0455 [MEDIUM] CWE-1021 CVE-2022-0455: Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 a
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0462MEDIUMCVSS 6.5fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0462 [MEDIUM] CVE-2022-0462: Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attac
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-0461MEDIUMCVSS 6.5fixed in 98.0.4758.80≥ unspecified, < 98.0.4758.802022-04-05
CVE-2022-0461 [MEDIUM] CVE-2022-0461: Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass ifr
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.
nvd
CVE-2022-0807MEDIUMCVSS 6.5fixed in 99.0.4844.51≥ unspecified, < 99.0.4844.512022-04-05
CVE-2022-0807 [MEDIUM] CVE-2022-0807: Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote att
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2022-0802MEDIUMCVSS 6.5fixed in 99.0.4844.51≥ unspecified, < 99.0.4844.512022-04-05
CVE-2022-0802 [MEDIUM] CVE-2022-0802: Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 a
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0804MEDIUMCVSS 6.5fixed in 99.0.4844.51≥ unspecified, < 99.0.4844.512022-04-05
CVE-2022-0804 [MEDIUM] CVE-2022-0804: Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 a
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0097CRITICALCVSS 9.6fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0097 [CRITICAL] CVE-2022-0097: Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
nvd
CVE-2022-0290CRITICALCVSS 9.6fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0290 [CRITICAL] CWE-416 CVE-2022-0290: Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd