Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 66 of 199
CVE-2022-0098HIGHCVSS 8.8fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0098 [HIGH] CWE-416 CVE-2022-0098: Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an atta
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.
nvd
CVE-2022-0295HIGHCVSS 8.8fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0295 [HIGH] CWE-416 CVE-2022-0295: Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convi
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0096HIGHCVSS 8.8fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0096 [HIGH] CWE-416 CVE-2022-0096: Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potent
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0307HIGHCVSS 8.8fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0307 [HIGH] CWE-416 CVE-2022-0307: Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacke
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0306HIGHCVSS 8.8fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0306 [HIGH] CWE-787 CVE-2022-0306: Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to p
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0104HIGHCVSS 8.8fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0104 [HIGH] CWE-787 CVE-2022-0104: Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to po
Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0297HIGHCVSS 8.8fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0297 [HIGH] CWE-416 CVE-2022-0297: Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potenti
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-0115HIGHCVSS 8.8fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0115 [HIGH] CWE-908 CVE-2022-0115: Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to po
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2022-0117MEDIUMCVSS 6.5fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0117 [MEDIUM] CWE-863 CVE-2022-0117: Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cros
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-0292MEDIUMCVSS 6.5fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0292 [MEDIUM] CVE-2022-0292: Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remot
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2022-0118MEDIUMCVSS 4.3fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0118 [MEDIUM] CVE-2022-0118: Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote att
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0109MEDIUMCVSS 6.5fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0109 [MEDIUM] CVE-2022-0109: Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote att
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
nvd
CVE-2022-0291MEDIUMCVSS 6.5fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0291 [MEDIUM] CVE-2022-0291: Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote atta
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2022-0110MEDIUMCVSS 4.3fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0110 [MEDIUM] CWE-1021 CVE-2022-0110: Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker t
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0294MEDIUMCVSS 6.5fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0294 [MEDIUM] CVE-2022-0294: Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remo
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2022-0113MEDIUMCVSS 6.5fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0113 [MEDIUM] CWE-346 CVE-2022-0113: Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attack
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-0116MEDIUMCVSS 4.3fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0116 [MEDIUM] CVE-2022-0116: Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0120MEDIUMCVSS 6.5fixed in 97.0.4692.71≥ unspecified, < 97.0.4692.712022-02-12
CVE-2022-0120 [MEDIUM] CWE-346 CVE-2022-0120: Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote at
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.
nvd
CVE-2022-0309MEDIUMCVSS 6.5fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0309 [MEDIUM] CWE-863 CVE-2022-0309: Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote att
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2022-0305MEDIUMCVSS 6.5fixed in 97.0.4692.99≥ unspecified, < 97.0.4692.992022-02-12
CVE-2022-0305 [MEDIUM] CVE-2022-0305: Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd