Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 71 of 199
CVE-2021-30629HIGHCVSS 8.8fixed in 93.0.4577.82≥ unspecified, < 93.0.4577.822021-10-08
CVE-2021-30629 [HIGH] CWE-416 CVE-2021-30629: Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who h
Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37975HIGHCVSS 8.8KEVfixed in 94.0.4606.71≥ unspecified, < 94.0.4606.712021-10-08
CVE-2021-37975 [HIGH] CWE-416 CVE-2021-37975: Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37974HIGHCVSS 8.8fixed in 94.0.4606.71≥ unspecified, < 94.0.4606.712021-10-08
CVE-2021-37974 [HIGH] CWE-416 CVE-2021-37974: Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who
Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37956HIGHCVSS 8.8fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37956 [HIGH] CWE-416 CVE-2021-37956: Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote att
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37969HIGHCVSS 7.8fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37969 [HIGH] CWE-59 CVE-2021-37969: Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 all
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
nvd
CVE-2021-37962HIGHCVSS 8.8fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37962 [HIGH] CWE-416 CVE-2021-37962: Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attack
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37972HIGHCVSS 8.8fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37972 [HIGH] CWE-125 CVE-2021-37972: Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30628HIGHCVSS 8.8fixed in 93.0.4577.82≥ unspecified, < 93.0.4577.822021-10-08
CVE-2021-30628 [HIGH] CWE-787 CVE-2021-30628: Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to p
Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
nvd
CVE-2021-37970HIGHCVSS 8.8fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37970 [HIGH] CWE-416 CVE-2021-37970: Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker t
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30625HIGHCVSS 8.8fixed in 93.0.4577.82≥ unspecified, < 93.0.4577.822021-10-08
CVE-2021-30625 [HIGH] CWE-416 CVE-2021-30625: Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who
Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30632HIGHCVSS 8.8KEVfixed in 93.0.4577.82≥ unspecified, < 93.0.4577.822021-10-08
CVE-2021-30632 [HIGH] CWE-787 CVE-2021-30632: Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potent
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37961HIGHCVSS 8.8fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37961 [HIGH] CWE-416 CVE-2021-37961: Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to pote
Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37957HIGHCVSS 8.8fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37957 [HIGH] CWE-416 CVE-2021-37957: Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potenti
Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37965MEDIUMCVSS 4.3fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37965 [MEDIUM] CVE-2021-37965: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-37971MEDIUMCVSS 4.3fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37971 [MEDIUM] CWE-1021 CVE-2021-37971: Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote atta
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-37976MEDIUMCVSS 6.5KEVfixed in 94.0.4606.71≥ unspecified, < 94.0.4606.712021-10-08
CVE-2021-37976 [MEDIUM] CWE-862 CVE-2021-37976: Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attac
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2021-37966MEDIUMCVSS 4.3fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37966 [MEDIUM] CWE-346 CVE-2021-37966: Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowe
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-30630MEDIUMCVSS 4.3fixed in 93.0.4577.82≥ unspecified, < 93.0.4577.822021-10-08
CVE-2021-30630 [MEDIUM] CWE-346 CVE-2021-30630: Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attack
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-37968MEDIUMCVSS 4.3fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37968 [MEDIUM] CWE-203 CVE-2021-37968: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-37967MEDIUMCVSS 4.3fixed in 94.0.4606.54≥ unspecified, < 94.0.4606.542021-10-08
CVE-2021-37967 [MEDIUM] CWE-346 CVE-2021-37967: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
nvd