Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
Page 97 of 199
CVE-2020-6399 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6401 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2020-6391 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6396 | MEDIUM | CVSS 4.3 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-6394 | MEDIUM | CVSS 5.4 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6408 | MEDIUM | CVSS 6.5 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
nvd
CVE-2020-6411 | MEDIUM | CVSS 5.4 | CWE-20 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2020-6412 | MEDIUM | CVSS 5.4 | CWE-20 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2020-6392 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2020-6397 | MEDIUM | CVSS 6.5 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-6405 | MEDIUM | CVSS 6.5 | CWE-125 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2020-6400 | MEDIUM | CVSS 6.5 | CWE-203 | fixed in 80.0.3987.87 | ≥ unspecified, < 80.0.3987.87 | 2020-02-11
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2010-3917 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 3.0 | before 3.0 | 2020-02-06
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.
nvd
CVE-2019-13722 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2020-01-14
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13767 | HIGH | CVSS 8.8 | CWE-416 | fixed in 79.0.3945.88 | ≥ unspecified, < 79.0.3945.88 | 2020-01-10
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6377 | HIGH | CVSS 8.8 | CWE-416 | fixed in 79.0.3945.117 | ≥ unspecified, < 79.0.3945.117 | 2020-01-10
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5844 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 73.0.3683.75 | ≥ unspecified, < 73.0.3683.75 | 2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13766 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 77.0.3865.75 | ≥ unspecified, < 77.0.3865.75 | 2020-01-03
Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5846 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 73.0.3683.75 | ≥ unspecified, < 73.0.3683.75 | 2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5845 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 73.0.3683.75 | ≥ unspecified, < 73.0.3683.75 | 2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd