Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
Page 85 of 199
CVE-2020-16032 | MEDIUM | CVSS 4.3 | CWE-1021 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Source: NVD
CVE-2020-16034 | MEDIUM | CVSS 4.3 | fixed in 87.0.4280.66 | ≥ unspecified, < 87.0.4280.66 | 2021-01-08
Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page.
Source: NVD
CVE-2020-15999 | CRITICAL | CVSS 9.6 | KEV | CWE-787 | fixed in 86.0.4240.111 | ≥ unspecified, < 86.0.4240.111 | 2020-11-03
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-16011 | CRITICAL | CVSS 9.6 | CWE-787 | fixed in 86.0.4240.183 | ≥ unspecified, < 86.0.4240.183 | 2020-11-03
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: NVD
CVE-2020-15993 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 86.0.4240.99 | ≥ unspecified, < 86.0.4240.99 | 2020-11-03
Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-16010 | CRITICAL | CVSS 9.6 | KEV | CWE-787 | fixed in 86.0.4240.185 | ≥ unspecified, < 86.0.4240.185 | 2020-11-03
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: NVD
CVE-2020-15983 | HIGH | CVSS 7.8 | CWE-20 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
Source: NVD
CVE-2020-15969 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-15991 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: NVD
CVE-2020-16004 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.183 | ≥ unspecified, < 86.0.4240.183 | 2020-11-03
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-15968 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-15974 | HIGH | CVSS 8.8 | CWE-190 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Source: NVD
CVE-2020-16003 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.111 | ≥ unspecified, < 86.0.4240.111 | 2020-11-03
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-15990 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: NVD
CVE-2020-16002 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.111 | ≥ unspecified, < 86.0.4240.111 | 2020-11-03
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Source: NVD
CVE-2020-15998 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.99 | ≥ unspecified, < 86.0.4240.99 | 2020-11-03
Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: NVD
CVE-2020-15975 | HIGH | CVSS 8.8 | CWE-190 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-15978 | HIGH | CVSS 8.8 | CWE-20 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Source: NVD
CVE-2020-16005 | HIGH | CVSS 8.8 | CWE-755 | fixed in 86.0.4240.183 | ≥ unspecified, < 86.0.4240.183 | 2020-11-03
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2020-15970 | HIGH | CVSS 8.8 | CWE-416 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: NVD