Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2021-21193 | HIGH | CVSS 8.8 | KEV | CWE-416 | fixed in 89.0.4389.90 | ≥ unspecified, < 89.0.4389.90 | 2021-03-16
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21191 | HIGH | CVSS 8.8 | CWE-416 | fixed in 89.0.4389.90 | ≥ unspecified, < 89.0.4389.90 | 2021-03-16
Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21165 | HIGH | CVSS 8.8 | CWE-362 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21179 | HIGH | CVSS 8.8 | CWE-416 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21161 | HIGH | CVSS 8.8 | CWE-787 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21188 | HIGH | CVSS 8.8 | CWE-416 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21166 | HIGH | CVSS 8.8 | KEV | CWE-362 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21174 | HIGH | CVSS 8.8 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21160 | HIGH | CVSS 8.8 | CWE-787 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21169 | HIGH | CVSS 8.8 | CWE-787 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2021-21172 | HIGH | CVSS 8.1 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2021-21180 | HIGH | CVSS 8.8 | CWE-416 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21159 | HIGH | CVSS 8.8 | CWE-416 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21167 | HIGH | CVSS 8.8 | CWE-416 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21162 | HIGH | CVSS 8.8 | CWE-416 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21190 | HIGH | CVSS 8.8 | CWE-908 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
nvd
CVE-2021-21175 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21187 | MEDIUM | CVSS 4.3 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2021-21168 | MEDIUM | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2021-21184 | MEDIUM | CVSS 4.3 | CWE-346 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd