Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
Page 80 of 199
CVE-2021-21171 | MEDIUM | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-21176 | MEDIUM | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-21185 | MEDIUM | CVSS 4.3 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.
nvd
CVE-2021-21182 | MEDIUM | CWE-863 | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21183 | MEDIUM | CWE-346 | CVSS 4.3 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21178 | MEDIUM | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-21164 | MEDIUM | CWE-346 | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21189 | MEDIUM | CVSS 4.3 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21186 | MEDIUM | CWE-863 | CVSS 4.3 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.
nvd
CVE-2021-21181 | MEDIUM | CWE-203 | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2021-21173 | MEDIUM | CWE-203 | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21177 | MEDIUM | CWE-732 | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2021-21163 | MEDIUM | CWE-346 | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
nvd
CVE-2021-21170 | MEDIUM | CVSS 6.5 | fixed in 89.0.4389.72 | ≥ unspecified, < 89.0.4389.72 | 2021-03-09
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-21150 | CRITICAL | CWE-416 | CVSS 9.6 | fixed in 88.0.4324.182 | ≥ unspecified, < 88.0.4324.182 | 2021-02-22
Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21154 | CRITICAL | CWE-787 | CVSS 9.6 | fixed in 88.0.4324.182 | ≥ unspecified, < 88.0.4324.182 | 2021-02-22
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21155 | CRITICAL | CWE-787 | CVSS 9.6 | fixed in 88.0.4324.182 | ≥ unspecified, < 88.0.4324.182 | 2021-02-22
Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21151 | CRITICAL | CWE-416 | CVSS 9.6 | fixed in 88.0.4324.182 | ≥ unspecified, < 88.0.4324.182 | 2021-02-22
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21153 | HIGH | CWE-787 | CVSS 8.8 | fixed in 88.0.4324.182 | ≥ unspecified, < 88.0.4324.182 | 2021-02-22
Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2021-21157 | HIGH | CWE-416 | CVSS 8.8 | fixed in 88.0.4324.182 | ≥ unspecified, < 88.0.4324.182 | 2021-02-22
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd