Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Chrome
Total 3339 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30560 4 Debian, Google, Splunk and 1 more 4 Debian Linux, Chrome, Universal Forwarder and 1 more 2024-03-27 6.8 MEDIUM 8.8 HIGH
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2011-3640 3 Apple, Google, Microsoft 3 Macos, Chrome, Windows 2024-03-21 7.1 HIGH N/A
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
CVE-2009-0374 1 Google 1 Chrome 2024-03-21 4.3 MEDIUM N/A
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.
CVE-2008-5749 2 Google, Microsoft 2 Chrome, Windows Xp 2024-03-21 6.8 MEDIUM N/A
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
CVE-2024-0811 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-19 N/A 4.3 MEDIUM
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2023-6512 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 6.5 MEDIUM
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-6511 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 4.3 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-6510 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
CVE-2023-6509 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)
CVE-2023-6508 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-47131 4 Google, Microsoft, Mozilla and 1 more 4 Chrome, Edge, Firefox and 1 more 2024-02-15 N/A 7.5 HIGH
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.
CVE-2022-2856 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2024-02-15 N/A 6.5 MEDIUM
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
CVE-2022-3038 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 N/A 8.8 HIGH
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21206 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0609 1 Google 1 Chrome 2024-02-15 6.8 MEDIUM 8.8 HIGH
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-38000 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2024-02-15 5.8 MEDIUM 6.1 MEDIUM
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
CVE-2022-4135 2 Google, Microsoft 3 Chrome, Edge, Edge Chromium 2024-02-15 N/A 9.6 CRITICAL
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3075 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 N/A 9.6 CRITICAL
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-30533 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-15 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
CVE-2021-37973 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-15 6.8 MEDIUM 9.6 CRITICAL
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.