Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 72 of 199
CVE-2021-37963 | MEDIUM | CVSS 4.3 | fixed in 94.0.4606.54 | ≥ unspecified, < 94.0.4606.54 | 2021-10-08
CVE-2021-37963 [MEDIUM]: Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2021-37958 | MEDIUM | CVSS 5.4 | fixed in 94.0.4606.54 | ≥ unspecified, < 94.0.4606.54 | 2021-10-08
CVE-2021-37958 [MEDIUM]: Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
nvd
CVE-2021-37964 | LOW | CVSS 3.3 | fixed in 94.0.4606.54 | ≥ unspecified, < 94.0.4606.54 | 2021-10-08
CVE-2021-37964 [LOW]: Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file.
nvd
CVE-2021-30605 | HIGH | CVSS 7.8 | ≥ unspecified, < 1.0.2.0 | 2021-09-08
CVE-2021-30605 [HIGH] CWE-287: Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
nvd
CVE-2021-30598 | HIGH | CVSS 8.8 | fixed in 92.0.4515.159 | ≥ unspecified, < 92.0.4515.159 | 2021-08-26
CVE-2021-30598 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2021-30604 | HIGH | CVSS 8.8 | fixed in 92.0.4515.159 | ≥ unspecified, < 92.0.4515.159 | 2021-08-26
CVE-2021-30604 [HIGH] CWE-416: Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30599 | HIGH | CVSS 8.8 | fixed in 92.0.4515.159 | ≥ unspecified, < 92.0.4515.159 | 2021-08-26
CVE-2021-30599 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2021-30602 | HIGH | CVSS 8.8 | fixed in 92.0.4515.159 | ≥ unspecified, < 92.0.4515.159 | 2021-08-26
CVE-2021-30602 [HIGH] CWE-416: Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30603 | HIGH | CVSS 7.5 | fixed in 92.0.4515.159 | ≥ unspecified, < 92.0.4515.159 | 2021-08-26
CVE-2021-30603 [HIGH] CWE-362: Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30593 | HIGH | CVSS 8.1 | fixed in 92.0.4515.131 | ≥ unspecified, < 92.0.4515.131 | 2021-08-26
CVE-2021-30593 [HIGH] CWE-125: Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2021-30592 | HIGH | CVSS 8.8 | fixed in 92.0.4515.131 | ≥ unspecified, < 92.0.4515.131 | 2021-08-26
CVE-2021-30592 [HIGH] CWE-787: Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2021-30601 | HIGH | CVSS 8.8 | fixed in 92.0.4515.159 | ≥ unspecified, < 92.0.4515.159 | 2021-08-26
CVE-2021-30601 [HIGH] CWE-416: Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30590 | HIGH | CVSS 8.8 | fixed in 92.0.4515.131 | ≥ unspecified, < 92.0.4515.131 | 2021-08-26
CVE-2021-30590 [HIGH] CWE-787: Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30600 | HIGH | CVSS 8.8 | fixed in 92.0.4515.159 | ≥ unspecified, < 92.0.4515.159 | 2021-08-26
CVE-2021-30600 [HIGH] CWE-416: Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30591 | HIGH | CVSS 8.8 | fixed in 92.0.4515.131 | ≥ unspecified, < 92.0.4515.131 | 2021-08-26
CVE-2021-30591 [HIGH] CWE-416: Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30594 | MEDIUM | CVSS 6.8 | fixed in 92.0.4515.131 | ≥ unspecified, < 92.0.4515.131 | 2021-08-26
CVE-2021-30594 [MEDIUM] CWE-416: Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
nvd
CVE-2021-30597 | MEDIUM | CVSS 6.8 | fixed in 92.0.4515.131 | ≥ unspecified, < 92.0.4515.131 | 2021-08-26
CVE-2021-30597 [MEDIUM] CWE-416: Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
nvd
CVE-2021-30596 | MEDIUM | CVSS 4.3 | fixed in 92.0.4515.131 | ≥ unspecified, < 92.0.4515.131 | 2021-08-26
CVE-2021-30596 [MEDIUM] CWE-346: Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-30571 | CRITICAL | CVSS 9.6 | fixed in 92.0.4515.107 | ≥ unspecified, < 92.0.4515.107 | 2021-08-03
CVE-2021-30571 [CRITICAL] CWE-863: Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-30585 | HIGH | CVSS 8.8 | fixed in 92.0.4515.107 | ≥ unspecified, < 92.0.4515.107 | 2021-08-03
CVE-2021-30585 [HIGH] CWE-416: Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd