Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
CVE-2019-13765 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 78.0.3904.70 | ≥ unspecified, < 78.0.3904.70 | 2020-01-03
Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5815 | HIGH | CVSS 7.5 | CWE-787 | ≥ unspecified, < 74.0.3729.108 | 2019-12-11
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
nvd
CVE-2019-5841 | HIGH | CVSS 8.8 | CWE-787 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-12-10
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13725 | HIGH | CVSS 8.8 | CWE-416 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
nvd
CVE-2019-13730 | HIGH | CVSS 8.8 | CWE-787 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13734 | HIGH | CVSS 8.8 | CWE-787 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13736 | HIGH | CVSS 8.8 | CWE-190 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-13735 | HIGH | CVSS 8.8 | CWE-787 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2019-13747 | HIGH | CVSS 8.8 | CWE-787 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13741 | HIGH | CVSS 8.8 | CWE-79 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.
nvd
CVE-2019-5843 | HIGH | CVSS 8.8 | CWE-787 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-12-10
Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13727 | HIGH | CVSS 8.8 | CWE-281 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2019-13764 | HIGH | CVSS 8.8 | CWE-843 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13732 | HIGH | CVSS 8.8 | CWE-416 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13726 | HIGH | CVSS 8.8 | CWE-119 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
nvd
CVE-2019-13729 | HIGH | CVSS 8.8 | CWE-416 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13728 | HIGH | CVSS 8.8 | CWE-787 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-13757 | MEDIUM | CVSS 4.3 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2019-13763 | MEDIUM | CVSS 4.3 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-13759 | MEDIUM | CVSS 4.3 | fixed in 79.0.3945.79 | ≥ unspecified, < 79.0.3945.79 | 2019-12-10
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd