Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2020-15989 | MEDIUM | CVSS 5.5 | CWE-908 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
nvd
CVE-2020-15973 | MEDIUM | CVSS 6.5 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
nvd
CVE-2020-15988 | MEDIUM | CVSS 6.3 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
nvd
CVE-2020-6557 | MEDIUM | CVSS 6.5 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2020-15986 | MEDIUM | CVSS 6.5 | CWE-190 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-15985 | MEDIUM | CVSS 6.5 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-15982 | MEDIUM | CVSS 6.5 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-15977 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 86.0.4240.75 | ≥ unspecified, < 86.0.4240.75 | 2020-11-03
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
nvd
CVE-2020-15961 | CRITICAL | CVSS 9.6 | fixed in 85.0.4183.121 | ≥ unspecified, < 85.0.4183.121 | 2020-09-21
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6573 | CRITICAL | CVSS 9.6 | CWE-416 | fixed in 85.0.4183.102 | ≥ unspecified, < 85.0.4183.102 | 2020-09-21
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15963 | CRITICAL | CVSS 9.6 | fixed in 85.0.4183.121 | ≥ unspecified, < 85.0.4183.121 | 2020-09-21
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6553 | HIGH | CVSS 8.8 | CWE-416 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6554 | HIGH | CVSS 8.6 | CWE-416 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6544 | HIGH | CVSS 8.8 | CWE-416 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6539 | HIGH | CVSS 8.8 | CWE-416 | fixed in 84.0.4147.105 | ≥ unspecified, < 84.0.4147.105 | 2020-09-21
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6574 | HIGH | CVSS 7.8 | fixed in 85.0.4183.102 | ≥ unspecified, < 85.0.4183.102 | 2020-09-21
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
nvd
CVE-2020-15962 | HIGH | CVSS 8.8 | fixed in 85.0.4183.121 | ≥ unspecified, < 85.0.4183.121 | 2020-09-21
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-6551 | HIGH | CVSS 8.8 | CWE-416 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6543 | HIGH | CVSS 8.8 | CWE-416 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6548 | HIGH | CVSS 8.8 | CWE-787 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd