Google Chrome Chrome vulnerabilities
1,139 known vulnerabilities affecting google/chrome_chrome.
Total CVEs
1,139
CISA KEV
47
actively exploited
Public exploits
9
Exploited in wild
36
Severity breakdown
CRITICAL58HIGH621MEDIUM339LOW104UNKNOWN17
Vulnerabilities
Page 35 of 57
CVE-2022-4180HIGHCVSS 8.82022-11-29
CVE-2022-4180 [HIGH] Stable Channel Update for Desktop: CVE-2022-4180
Stable Channel Update for Desktop
CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26 [$NA] [ 1382434 ] High CVE-2022-4906: Inappropriate implementation in Blink
Reported by Sergei Glazunov of Google Project Zero on 2022-11-08 [$TBD][ 1382581 ] High CVE-2022-4181: Use after free in Forms
Severity: high
chrome
CVE-2022-4174HIGHCVSS 8.82022-11-29
CVE-2022-4174 [HIGH] Stable Channel Update for Desktop: CVE-2022-4174
Stable Channel Update for Desktop
CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27 [$11000][ 1381401 ] High CVE-2022-4175: Use after free in Camera Capture
Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-11-04 [$2000][ 1361066 ] High CVE-2022-4176: Out of bounds write in Lacros Graphics
Severity: high
chrome
CVE-2022-4195MEDIUMCVSS 4.32022-11-29
CVE-2022-4195 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4195
Stable Channel Update for Desktop
CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: medium
chrome
CVE-2022-4183MEDIUMCVSS 4.32022-11-29
CVE-2022-4183 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4183
Stable Channel Update for Desktop
CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22 [$5000][ 1358647 ] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill
Reported by Ahmed ElMasry on 2022-09-01 [$5000][ 1373025 ] Medium CVE-2022-4185: Inappropriate implementation in Navigation
Severity: medium
chrome
CVE-2022-4907MEDIUMCVSS 4.32022-11-29
CVE-2022-4907 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4907
Stable Channel Update for Desktop
CVE-2022-4907: Uninitialized Use of FFmpeg. Reported by Christoph Diehl, Microsoft Vulnerability Research on 2022-08-31 [$6000][ 1368739 ] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames
Reported by Peter Nemeth on 2022-09-28 [ $5000][ 1349146 ] Medium CVE-2022-4955: Inappropriate implementation in DevTools
Severity: medium
chrome
CVE-2022-4189MEDIUMCVSS 4.32022-11-29
CVE-2022-4189 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4189
Stable Channel Update for Desktop
CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15 [$3000][ 1378997 ] Medium CVE-2022-4190: Insufficient data validation in Directory
Reported by Axel Chong on 2022-10-27 [$2000][ 1373941 ] Medium CVE-2022-4191: Use after free in Sign-In
Severity: medium
chrome
CVE-2022-4186MEDIUMCVSS 4.32022-11-29
CVE-2022-4186 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4186
Stable Channel Update for Desktop
CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21 [$5000][ 1381217 ] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools
Reported by Axel Chong on 2022-11-04 [$3000][ 1340879 ] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS
Severity: medium
chrome
CVE-2022-4192MEDIUMCVSS 8.82022-11-29
CVE-2022-4192 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4192
Stable Channel Update for Desktop
CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14 [$1000][ 1354518 ] Medium CVE-2022-4193: Insufficient policy enforcement in File System API
Reported by Axel Chong on 2022-08-19 [$TBD][ 1370562 ] Medium CVE-2022-4194: Use after free in Accessibility
Severity: medium
chrome
CVE-2022-3449HIGHCVSS 8.82022-11-14
CVE-2022-3449 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-3449
Long Term Support Channel Update for ChromeOS
CVE-2022-3449
chrome
CVE-2022-3450HIGHCVSS 8.82022-11-14
CVE-2022-3450 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-3450
Long Term Support Channel Update for ChromeOS
CVE-2022-3450
chrome
CVE-2022-3888HIGHCVSS 8.82022-11-08
CVE-2022-3888 [HIGH] Stable Channel Update for Desktop: CVE-2022-3888
Stable Channel Update for Desktop
CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16 [$TBD][ 1380063 ] High CVE-2022-3889: Type Confusion in V8
Reported by anonymous on 2022-11-01 [$TBD][ 1380083 ] High CVE-2022-3890: Heap buffer overflow in Crashpad
Severity: high
chrome
CVE-2022-3885HIGHCVSS 8.82022-11-08
CVE-2022-3885 [HIGH] Stable Channel Update for Desktop: CVE-2022-3885
Stable Channel Update for Desktop
CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24 [$10000][ 1372999 ] High CVE-2022-3886: Use after free in Speech Recognition
Reported by anonymous on 2022-10-10 [$7000][ 1372695 ] High CVE-2022-3887: Use after free in Web Workers
Severity: high
chrome
CVE-2022-3446HIGHCVSS 8.82022-11-01
CVE-2022-3446 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-3446
Long Term Support Channel Update for ChromeOS
CVE-2022-3446
chrome
CVE-2022-3306HIGHCVSS 8.82022-11-01
CVE-2022-3306 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-3306
Long Term Support Channel Update for ChromeOS
CVE-2022-3306
chrome
CVE-2022-3305HIGHCVSS 8.82022-11-01
CVE-2022-3305 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-3305
Long Term Support Channel Update for ChromeOS
CVE-2022-3305
chrome
CVE-2022-3044MEDIUMCVSS 6.52022-11-01
CVE-2022-3044 [MEDIUM] Long Term Support Channel Update for ChromeOS: CVE-2022-3044
Long Term Support Channel Update for ChromeOS
CVE-2022-3044
chrome
CVE-2022-3723HIGHCVSS 8.8KEV2022-10-27
CVE-2022-3723 [HIGH] Stable Channel Update for Desktop: CVE-2022-3723
Stable Channel Update for Desktop
CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
chrome
CVE-2022-3652HIGHCVSS 8.82022-10-25
CVE-2022-3652 [HIGH] Stable Channel Update for Desktop: CVE-2022-3652
Stable Channel Update for Desktop
CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S
Severity: high
chrome
CVE-2022-3653HIGHCVSS 8.82022-10-25
CVE-2022-3653 [HIGH] Stable Channel Update for Desktop: CVE-2022-3653
Stable Channel Update for Desktop
CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19 [$TBD][ 1365330 ] High CVE-2022-3654: Use after free in Layout
Reported by Sergei Glazunov of Google Project Zero on 2022-09-19 [$3000][ 1279268 ] Medium CVE-2022-4910: Inappropriate implementation in Autofill
Severity: high
chrome
CVE-2022-3655MEDIUMCVSS 8.82022-10-25
CVE-2022-3655 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-3655
Stable Channel Update for Desktop
CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11 [$3000][ 1345275 ] Medium CVE-2022-3656: Insufficient data validation in File System
Reported by Ron Masas, Imperva on 2022-07-18 [$2000][ 1351177 ] Medium CVE-2022-3657: Use after free in Extensions
Severity: medium
chrome