Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 92 of 199
CVE-2020-6461CRITICALCVSS 9.6fixed in 81.0.4044.129≥ unspecified, < 81.0.4044.1292020-05-21
CVE-2020-6461 [CRITICAL] CWE-416 CVE-2020-6461: Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6462CRITICALCVSS 9.6fixed in 81.0.4044.129≥ unspecified, < 81.0.4044.1292020-05-21
CVE-2020-6462 [CRITICAL] CWE-416 CVE-2020-6462: Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6457CRITICALCVSS 9.6fixed in 81.0.4044.113≥ unspecified, < 81.0.4044.1132020-05-21
CVE-2020-6457 [CRITICAL] CWE-416 CVE-2020-6457: Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacke
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6466CRITICALCVSS 9.6fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6466 [CRITICAL] CWE-416 CVE-2020-6466: Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had com
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6469CRITICALCVSS 9.6fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6469 [CRITICAL] CWE-276 CVE-2020-6469: Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6465CRITICALCVSS 9.6fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6465 [CRITICAL] CWE-416 CVE-2020-6465: Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote att
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6471CRITICALCVSS 9.6fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6471 [CRITICAL] CWE-276 CVE-2020-6471: Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6459HIGHCVSS 8.8fixed in 81.0.4044.122≥ unspecified, < 81.0.4044.1222020-05-21
CVE-2020-6459 [HIGH] CWE-416 CVE-2020-6459: Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to pote
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6458HIGHCVSS 8.8fixed in 81.0.4044.122≥ unspecified, < 81.0.4044.1222020-05-21
CVE-2020-6458 [HIGH] CWE-125 CVE-2020-6458: Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote atta
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2020-6467HIGHCVSS 8.8fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6467 [HIGH] CWE-416 CVE-2020-6467: Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potenti
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6474HIGHCVSS 8.8fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6474 [HIGH] CWE-416 CVE-2020-6474: Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentia
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6464HIGHCVSS 8.8fixed in 81.0.4044.138≥ unspecified, < 81.0.4044.1382020-05-21
CVE-2020-6464 [HIGH] CWE-787 CVE-2020-6464: Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potenti
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6468HIGHCVSS 8.8fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6468 [HIGH] CWE-787 CVE-2020-6468: Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6463HIGHCVSS 8.8fixed in 81.0.4044.122≥ unspecified, < 81.0.4044.1222020-05-21
CVE-2020-6463 [HIGH] CWE-416 CVE-2020-6463: Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potenti
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6477HIGHCVSS 7.8fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6477 [HIGH] CWE-59 CVE-2020-6477: Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a l
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
nvd
CVE-2020-6476MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6476 [MEDIUM] CWE-276 CVE-2020-6476: Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attac
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2020-6473MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6473 [MEDIUM] CWE-203 CVE-2020-6473: Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote att
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-6491MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6491 [MEDIUM] CVE-2020-6491: Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a re
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name.
nvd
CVE-2020-6481MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6481 [MEDIUM] CVE-2020-6481: Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a r
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name.
nvd
CVE-2020-6490MEDIUMCVSS 4.3fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6490 [MEDIUM] CWE-668 CVE-2020-6490: Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attac
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.
nvd