Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 88 of 199
CVE-2020-6541 | HIGH | CVSS 8.8 | fixed in 84.0.4147.105 | ≥ unspecified, < 84.0.4147.105 | 2020-09-21
CWE-416: Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6549 | HIGH | CVSS 8.8 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-416: Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6556 | HIGH | CVSS 8.8 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.135 | 2020-09-21
CWE-787: Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6550 | HIGH | CVSS 8.8 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-416: Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6552 | HIGH | CVSS 8.8 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-416: Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6540 | HIGH | CVSS 8.8 | fixed in 84.0.4147.105 | ≥ unspecified, < 84.0.4147.105 | 2020-09-21
CWE-787: Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6545 | HIGH | CVSS 8.8 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-416: Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6555 | HIGH | CVSS 7.6 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-125: Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-6537 | HIGH | CVSS 8.8 | fixed in 84.0.4147.105 | ≥ unspecified, < 84.0.4147.105 | 2020-09-21
CWE-843: Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2020-6532 | HIGH | CVSS 8.8 | fixed in 84.0.4147.105 | ≥ unspecified, < 84.0.4147.105 | 2020-09-21
CWE-416: Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-15964 | HIGH | CVSS 8.8 | fixed in 85.0.4183.121 | ≥ unspecified, < 85.0.4183.121 | 2020-09-21
CWE-20: Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6576 | HIGH | CVSS 8.8 | fixed in 85.0.4183.102 | ≥ unspecified, < 85.0.4183.102 | 2020-09-21
CWE-416: Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6575 | HIGH | CVSS 8.3 | fixed in 85.0.4183.102 | ≥ unspecified, < 85.0.4183.102 | 2020-09-21
CWE-362: Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15960 | HIGH | CVSS 8.8 | fixed in 85.0.4183.121 | ≥ unspecified, < 85.0.4183.121 | 2020-09-21
CWE-787: Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-15965 | HIGH | CVSS 8.8 | fixed in 85.0.4183.121 | ≥ unspecified, < 85.0.4183.121 | 2020-09-21
CWE-843: Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-6542 | HIGH | CVSS 8.8 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-416: Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6546 | HIGH | CVSS 7.8 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-59: Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
nvd
CVE-2020-6570 | MEDIUM | CVSS 4.3 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
CWE-200: Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
nvd
CVE-2020-6566 | MEDIUM | CVSS 6.5 | fixed in 85.0.4183.83 | ≥ unspecified, < 85.0.4183.83 | 2020-09-21
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6547 | MEDIUM | CVSS 6.5 | fixed in 84.0.4147.125 | ≥ unspecified, < 84.0.4147.125 | 2020-09-21
CWE-1021: Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.
nvd