Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 86 of 199
CVE-2020-15967HIGHCVSS 8.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15967 [HIGH] CWE-416 CVE-2020-15967: Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to poten
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15987HIGHCVSS 8.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15987 [HIGH] CWE-416 CVE-2020-15987: Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potenti
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
nvd
CVE-2020-15994HIGHCVSS 8.8fixed in 86.0.4240.99≥ unspecified, < 86.0.4240.992020-11-03
CVE-2020-15994 [HIGH] CWE-416 CVE-2020-15994: Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially
Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-15971HIGHCVSS 8.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15971 [HIGH] CWE-416 CVE-2020-15971: Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15976HIGHCVSS 8.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15976 [HIGH] CWE-416 CVE-2020-15976: Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16009HIGHCVSS 8.8KEVfixed in 86.0.4240.183≥ unspecified, < 86.0.4240.1832020-11-03
CVE-2020-16009 [HIGH] CWE-787 CVE-2020-16009: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16000HIGHCVSS 8.8fixed in 86.0.4240.111≥ unspecified, < 86.0.4240.1112020-11-03
CVE-2020-16000 [HIGH] CWE-787 CVE-2020-16000: Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attac
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16007HIGHCVSS 7.8fixed in 86.0.4240.183≥ unspecified, < 86.0.4240.1832020-11-03
CVE-2020-16007 [HIGH] CWE-59 CVE-2020-16007: Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local at
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
nvd
CVE-2020-15995HIGHCVSS 8.8fixed in 86.0.4240.99≥ unspecified, < 86.0.4240.992020-11-03
CVE-2020-15995 [HIGH] CWE-787 CVE-2020-15995: Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potent
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-15996HIGHCVSS 8.8fixed in 86.0.4240.99≥ unspecified, < 86.0.4240.992020-11-03
CVE-2020-15996 [HIGH] CWE-416 CVE-2020-15996: Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had
Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-16001HIGHCVSS 8.8fixed in 86.0.4240.111≥ unspecified, < 86.0.4240.1112020-11-03
CVE-2020-16001 [HIGH] CWE-416 CVE-2020-16001: Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potenti
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-15972HIGHCVSS 8.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15972 [HIGH] CWE-416 CVE-2020-15972: Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentia
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-16008HIGHCVSS 8.8fixed in 86.0.4240.183≥ unspecified, < 86.0.4240.1832020-11-03
CVE-2020-16008 [HIGH] CWE-787 CVE-2020-16008: Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
nvd
CVE-2020-16006HIGHCVSS 8.8fixed in 86.0.4240.183≥ unspecified, < 86.0.4240.1832020-11-03
CVE-2020-16006 [HIGH] CWE-787 CVE-2020-16006: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-15979HIGHCVSS 8.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15979 [HIGH] CWE-787 CVE-2020-15979: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-15997HIGHCVSS 8.8fixed in 86.0.4240.99≥ unspecified, < 86.0.4240.992020-11-03
CVE-2020-15997 [HIGH] CWE-416 CVE-2020-15997: Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had comp
Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15992HIGHCVSS 8.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15992 [HIGH] CVE-2020-15992: Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remot
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
nvd
CVE-2020-15980HIGHCVSS 7.8fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15980 [HIGH] CVE-2020-15980: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
nvd
CVE-2020-15984MEDIUMCVSS 6.5fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15984 [MEDIUM] CVE-2020-15984: Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a r
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
nvd
CVE-2020-15981MEDIUMCVSS 6.5fixed in 86.0.4240.75≥ unspecified, < 86.0.4240.752020-11-03
CVE-2020-15981 [MEDIUM] CWE-125 CVE-2020-15981: Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obta
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd