Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 93 of 199
CVE-2020-6479MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6479 [MEDIUM] CVE-2020-6479: Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote atta
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-6487MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6487 [MEDIUM] CWE-276 CVE-2020-6487: Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6475MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6475 [MEDIUM] CVE-2020-6475: Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote atta
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-6480MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6480 [MEDIUM] CWE-276 CVE-2020-6480: Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions.
nvd
CVE-2020-6478MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6478 [MEDIUM] CVE-2020-6478: Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-6482MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6482 [MEDIUM] CWE-276 CVE-2020-6482: Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2020-6488MEDIUMCVSS 4.3fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6488 [MEDIUM] CWE-276 CVE-2020-6488: Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6483MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6483 [MEDIUM] CWE-276 CVE-2020-6483: Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6485MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6485 [MEDIUM] CWE-20 CVE-2020-6485: Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6472MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6472 [MEDIUM] CVE-2020-6472: Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.
nvd
CVE-2020-6470MEDIUMCVSS 6.1fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6470 [MEDIUM] CWE-79 CVE-2020-6470: Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allow
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.
nvd
CVE-2020-6460MEDIUMCVSS 6.5fixed in 81.0.4044.122≥ unspecified, < 81.0.4044.1222020-05-21
CVE-2020-6460 [MEDIUM] CVE-2020-6460: Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a rem
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
nvd
CVE-2020-6484MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6484 [MEDIUM] CWE-276 CVE-2020-6484: Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
nvd
CVE-2020-6489MEDIUMCVSS 4.3fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6489 [MEDIUM] CWE-200 CVE-2020-6489: Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a rem
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.
nvd
CVE-2020-6486MEDIUMCVSS 6.5fixed in 83.0.4103.61≥ unspecified, < 83.0.4103.612020-05-21
CVE-2020-6486 [MEDIUM] CVE-2020-6486: Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remo
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6423HIGHCVSS 8.8fixed in 81.0.4044.92≥ unspecified, < 81.0.4044.922020-04-13
CVE-2020-6423 [HIGH] CWE-416 CVE-2020-6423: Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentia
Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6451HIGHCVSS 8.8fixed in 80.0.3987.162≥ unspecified, < 80.0.3987.1622020-04-13
CVE-2020-6451 [HIGH] CWE-416 CVE-2020-6451: Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to pote
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6439HIGHCVSS 8.8fixed in 81.0.4044.92≥ unspecified, < 81.0.4044.922020-04-13
CVE-2020-6439 [HIGH] CWE-276 CVE-2020-6439: Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remo
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
nvd
CVE-2020-6452HIGHCVSS 8.8fixed in 80.0.3987.162≥ unspecified, < 80.0.3987.1622020-04-13
CVE-2020-6452 [HIGH] CWE-787 CVE-2020-6452: Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to p
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6434HIGHCVSS 8.8fixed in 81.0.4044.92≥ unspecified, < 81.0.4044.922020-04-13
CVE-2020-6434 [HIGH] CWE-416 CVE-2020-6434: Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to poten
Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd