Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 95 of 199
CVE-2020-6442 | MEDIUM | CVSS 4.3 | fixed in 81.0.4044.92 | ≥ unspecified, < 81.0.4044.92 | 2020-04-13
CVE-2020-6442 [MEDIUM] CWE-668: Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6420 | HIGH | CVSS 8.8 | fixed in 80.0.3987.132 | ≥ unspecified, < 80.0.3987.132 | 2020-03-23
CVE-2020-6420 [HIGH]: Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2020-6424 | HIGH | CVSS 8.8 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6424 [HIGH] CWE-416: Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6429 | HIGH | CVSS 8.8 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6429 [HIGH] CWE-787: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6449 | HIGH | CVSS 8.8 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6449 [HIGH] CWE-416: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6427 | HIGH | CVSS 8.8 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6427 [HIGH] CWE-787: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6422 | HIGH | CVSS 8.8 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6422 [HIGH] CWE-787: Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6428 | HIGH | CVSS 8.8 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6428 [HIGH] CWE-787: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6426 | MEDIUM | CVSS 6.5 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6426 [MEDIUM] CWE-787: Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6425 | MEDIUM | CVSS 5.4 | fixed in 80.0.3987.149 | ≥ unspecified, < 80.0.3987.149 | 2020-03-23
CVE-2020-6425 [MEDIUM] CWE-20: Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
nvd
CVE-2020-10531 | HIGH | CVSS 8.8 | fixed in 80.0.3987.122 | 2020-03-12
CVE-2020-10531 [HIGH] CWE-190: An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
nvd
CVE-2020-6384 | HIGH | CVSS 8.8 | fixed in 80.0.3987.116 | ≥ unspecified, < 80.0.3987.116 | 2020-02-27
CVE-2020-6384 [HIGH] CWE-416: Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6418 | HIGH | CVSS 8.8 | KEV | PoC | fixed in 80.0.3987.122 | ≥ unspecified, < 80.0.3987.122 | 2020-02-27
CVE-2020-6418 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6383 | HIGH | CVSS 8.8 | fixed in 80.0.3987.116 | ≥ unspecified, < 80.0.3987.116 | 2020-02-27
CVE-2020-6383 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6407 | HIGH | CVSS 8.8 | fixed in 80.0.3987.122 | ≥ unspecified, < 80.0.3987.122 | 2020-02-27
CVE-2020-6407 [HIGH] CWE-787: Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6386 | HIGH | CVSS 8.8 | fixed in 80.0.3987.116 | ≥ unspecified, < 80.0.3987.116 | 2020-02-27
CVE-2020-6386 [HIGH] CWE-416: Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6402 | HIGH | CVSS 8.8 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
CVE-2020-6402 [HIGH] CWE-20: Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
nvd
CVE-2020-6404 | HIGH | CVSS 8.8 | PoC | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
CVE-2020-6404 [HIGH] CWE-787: Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6380 | HIGH | CVSS 8.8 | fixed in 79.0.3945.130 | ≥ unspecified, < 79.0.3945.130 | 2020-02-11
CVE-2020-6380 [HIGH] CWE-863: Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
nvd
CVE-2020-6381 | HIGH | CVSS 8.8 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
CVE-2020-6381 [HIGH] CWE-190: Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd