Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2020-16044 [HIGH] CWE-416 | CVSS 8.8 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
nvd
CVE-2021-21143 [HIGH] CWE-787 | CVSS 8.8 | fixed in 88.0.4324.146 | ≥ unspecified, < 88.0.4324.146 | 2021-02-09
Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2021-21139 [MEDIUM] CWE-1021 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21134 [MEDIUM] CWE-290 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2021-21140 [MEDIUM] CWE-119 | CVSS 6.8 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via a USB device.
nvd
CVE-2021-21123 [MEDIUM] CWE-20 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2021-21147 [MEDIUM] | CVSS 4.3 | fixed in 88.0.4324.146 | ≥ unspecified, < 88.0.4324.146 | 2021-02-09
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-21135 [MEDIUM] CWE-346 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21133 [MEDIUM] | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21130 [MEDIUM] | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2021-21137 [MEDIUM] CWE-74 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
nvd
CVE-2021-21141 [MEDIUM] CWE-74 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
nvd
CVE-2021-21131 [MEDIUM] CWE-59 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2021-21136 [MEDIUM] CWE-346 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21126 [MEDIUM] CWE-20 | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
nvd
CVE-2021-21129 [MEDIUM] | CVSS 6.5 | fixed in 88.0.4324.96 | ≥ unspecified, < 88.0.4324.96 | 2021-02-09
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2020-16045 [CRITICAL] CWE-416 | CVSS 9.6 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-14
Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6572 [HIGH] CWE-416 | CVSS 8.8 | KEV | fixed in 81.0.4044.92 | ≥ unspecified, < 81.0.4044.92 | 2021-01-14
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
nvd
CVE-2020-16046 [MEDIUM] CWE-79 | CVSS 6.1 | fixed in 84.0.4147.105 | ≥ unspecified, < 84.0.4147.105 | 2021-01-14
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
nvd
CVE-2020-16014 [CRITICAL] CWE-416 | CVSS 9.6 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd