Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 77 of 199
CVE-2021-21232HIGHCVSS 8.8fixed in 90.0.4430.93≥ unspecified, < 90.0.4430.932021-04-30
CVE-2021-21232 [HIGH] CWE-416 CVE-2021-21232: Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to pote
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21227HIGHCVSS 8.8fixed in 90.0.4430.93≥ unspecified, < 90.0.4430.932021-04-30
CVE-2021-21227 [HIGH] CWE-787 CVE-2021-21227: Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21233HIGHCVSS 8.8fixed in 90.0.4430.93≥ unspecified, < 90.0.4430.932021-04-30
CVE-2021-21233 [HIGH] CWE-787 CVE-2021-21233: Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote att
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21230HIGHCVSS 8.8fixed in 90.0.4430.93≥ unspecified, < 90.0.4430.932021-04-30
CVE-2021-21230 [HIGH] CWE-843 CVE-2021-21230: Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21231HIGHCVSS 8.8fixed in 90.0.4430.93≥ unspecified, < 90.0.4430.932021-04-30
CVE-2021-21231 [HIGH] CWE-787 CVE-2021-21231: Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21229MEDIUMCVSS 6.5fixed in 90.0.4430.93≥ unspecified, < 90.0.4430.932021-04-30
CVE-2021-21229 [MEDIUM] CWE-346 CVE-2021-21229: Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remot
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2021-21228MEDIUMCVSS 4.3fixed in 90.0.4430.93≥ unspecified, < 90.0.4430.932021-04-30
CVE-2021-21228 [MEDIUM] CWE-863 CVE-2021-21228: Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an atta
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2021-21226CRITICALCVSS 9.6fixed in 90.0.4430.85≥ unspecified, < 90.0.4430.852021-04-26
CVE-2021-21226 [CRITICAL] CWE-416 CVE-2021-21226: Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who ha
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21223CRITICALCVSS 9.6fixed in 90.0.4430.85≥ unspecified, < 90.0.4430.852021-04-26
CVE-2021-21223 [CRITICAL] CWE-190 CVE-2021-21223: Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had co
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21201CRITICALCVSS 9.6fixed in 90.0.4430.72≥ unspecified, < 90.0.4430.722021-04-26
CVE-2021-21201 [CRITICAL] CWE-416 CVE-2021-21201: Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who h
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21214HIGHCVSS 8.8fixed in 90.0.4430.72≥ unspecified, < 90.0.4430.722021-04-26
CVE-2021-21214 [HIGH] CWE-416 CVE-2021-21214: Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to po
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2021-21202HIGHCVSS 8.6fixed in 90.0.4430.72≥ unspecified, < 90.0.4430.722021-04-26
CVE-2021-21202 [HIGH] CWE-416 CVE-2021-21202: Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convince
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2021-21207HIGHCVSS 8.6fixed in 90.0.4430.72≥ unspecified, < 90.0.4430.722021-04-26
CVE-2021-21207 [HIGH] CWE-416 CVE-2021-21207: Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2021-21220HIGHCVSS 8.8KEVPoCfixed in 89.0.4389.128≥ unspecified, < 89.0.4389.1282021-04-26
CVE-2021-21220 [HIGH] CWE-787 CVE-2021-21220: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a r
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21205HIGHCVSS 8.1fixed in 90.0.4430.72≥ unspecified, < 90.0.4430.722021-04-26
CVE-2021-21205 [HIGH] CVE-2021-21205: Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed
Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21224HIGHCVSS 8.8KEVfixed in 90.0.4430.85≥ unspecified, < 90.0.4430.852021-04-26
CVE-2021-21224 [HIGH] CWE-843 CVE-2021-21224: Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arb
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2021-21204HIGHCVSS 8.8fixed in 90.0.4430.72≥ unspecified, < 90.0.4430.722021-04-26
CVE-2021-21204 [HIGH] CWE-416 CVE-2021-21204: Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21213HIGHCVSS 8.8fixed in 90.0.4430.72≥ unspecified, < 90.0.4430.722021-04-26
CVE-2021-21213 [HIGH] CWE-416 CVE-2021-21213: Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potent
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21206HIGHCVSS 8.8KEVfixed in 89.0.4389.128≥ unspecified, < 89.0.4389.1282021-04-26
CVE-2021-21206 [HIGH] CWE-416 CVE-2021-21206: Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potenti
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21225HIGHCVSS 8.8fixed in 90.0.4430.85≥ unspecified, < 90.0.4430.852021-04-26
CVE-2021-21225 [HIGH] CWE-787 CVE-2021-21225: Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker t
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd