Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2020-6518 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6518 [HIGH] CWE-416: Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6523 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6523 [HIGH] CWE-190: Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6512 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6512 [HIGH] CWE-787: Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6517 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6517 [HIGH] CWE-787: Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6510 | HIGH | CVSS 7.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6510 [HIGH] CWE-787: Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6530 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6530 [HIGH] CWE-787: Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2020-6513 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6513 [HIGH] CWE-787: Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2020-6525 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6525 [HIGH] CWE-787: Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6524 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6524 [HIGH] CWE-787: Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6534 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6534 [HIGH] CWE-787: Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6533 | HIGH | CVSS 8.8 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6533 [HIGH] CWE-787: Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6516 | MEDIUM | CVSS 4.3 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6516 [MEDIUM]: Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6526 | MEDIUM | CVSS 6.5 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6526 [MEDIUM]: Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6536 | MEDIUM | CVSS 4.3 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6536 [MEDIUM]: Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
nvd
CVE-2020-6527 | MEDIUM | CVSS 4.3 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6527 [MEDIUM] CWE-276: Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6531 | MEDIUM | CVSS 4.3 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6531 [MEDIUM] CWE-203: Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6535 | MEDIUM | CVSS 6.1 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6535 [MEDIUM] CWE-79: Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
nvd
CVE-2020-6511 | MEDIUM | CVSS 6.5 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6511 [MEDIUM] CWE-209: Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6519 | MEDIUM | CVSS 6.5 | PoC | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6519 [MEDIUM]: Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6529 | MEDIUM | CVSS 4.3 | fixed in 84.0.4147.89 | ≥ unspecified, < 84.0.4147.89 | 2020-07-22
CVE-2020-6529 [MEDIUM] CWE-295: Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
nvd