Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2021-4056 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-843. Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38005 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
CWE-416. Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4078 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-843. Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38008 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
CWE-416. Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4063 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-416. Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4053 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-416. Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4067 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-416. Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4058 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-787. Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4079 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-787. Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.
nvd
CVE-2021-38006 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
CWE-416. Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4066 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-191. Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4057 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-416. Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38012 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
CWE-843. Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4065 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-416. Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38020 | MEDIUM | CVSS 4.3 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-38021 | MEDIUM | CVSS 6.5 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-4068 | MEDIUM | CVSS 6.5 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
CWE-116. Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-38019 | MEDIUM | CVSS 6.5 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
CWE-670. Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-4054 | MEDIUM | CVSS 6.5 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2021-38022 | MEDIUM | CVSS 6.5 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd