Chrome Google Chrome Web browser

Do you want an email whenever new security vulnerabilities are reported in Google Chrome?

Recent Google Chrome Security Advisories

Advisory Title Published
Chrome Releases: Stable Channel Update for Desktop January 10, 2023
Chrome Releases: Stable Channel Update for Desktop January 2, 2023
Chrome Releases: Stable Channel Update for Desktop December 14, 2022
Chrome Releases: Stable Channel Update for Desktop December 2, 2022
Chrome Releases: Stable Channel Update for Desktop November 30, 2022
Chrome Releases: Stable Channel Update for Desktop November 25, 2022
Chrome Releases: Stable Channel Update for Desktop November 9, 2022
Chrome Releases: Stable Channel Update for Desktop November 9, 2022
Chrome Releases: Stable Channel Update for Desktop November 1, 2022
Chrome Releases: Stable Channel Update for Desktop November 1, 2022

@googlechrome Tweets

It’s easy to protect your online privacy with #Chrome. Clear your browsing data for a specific time, run Safety Ch… https://t.co/0lbOGsV6za
Sat Jan 28 17:00:16 +0000 2023

By the Year

In 2023 there have been 14 vulnerabilities in Google Chrome with an average score of 7.2 out of ten. Last year Chrome had 295 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.88

Year Vulnerabilities Average Score
2023 14 7.17
2022 295 8.05
2021 329 8.00
2020 227 7.62
2019 303 7.07
2018 114 7.08

It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Chrome Security Vulnerabilities

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74

CVE-2023-0131 6.5 - Medium - January 10, 2023

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74

CVE-2023-0129 8.8 - High - January 10, 2023

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

Memory Corruption

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0134 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0135 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74

CVE-2023-0138 8.8 - High - January 10, 2023

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74

CVE-2023-0141 4.3 - Medium - January 10, 2023

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81

CVE-2019-13768 7.4 - High - January 02, 2023

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72

CVE-2021-21200 5.4 - Medium - January 02, 2023

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

Out-of-bounds Read

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30558 8.8 - High - January 02, 2023

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51

CVE-2022-0801 6.1 - Medium - January 02, 2023

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)

XSS

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79

CVE-2022-2743 8.8 - High - January 02, 2023

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)

Integer Overflow or Wraparound

Use after free in Passwords in Google Chrome prior to 105.0.5195.125

CVE-2022-3842 7.5 - High - January 02, 2023

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Browser History in Google Chrome prior to 100.0.4896.75

CVE-2022-3863 6.1 - Medium - January 02, 2023

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80

CVE-2022-4025 4.3 - Medium - January 02, 2023

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)

Exposure of Resource to Wrong Sphere

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124

CVE-2022-4436 8.8 - High - December 14, 2022

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124

CVE-2022-4437 8.8 - High - December 14, 2022

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124

CVE-2022-4438 8.8 - High - December 14, 2022

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Profiles in Google Chrome prior to 108.0.5359.124

CVE-2022-4440 8.8 - High - December 14, 2022

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 108.0.5359.94

CVE-2022-4262 8.8 - High - December 02, 2022

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type confusion in V8 in Google Chrome prior to 108.0.5359.71

CVE-2022-4174 8.8 - High - November 30, 2022

Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71

CVE-2022-4175 8.8 - High - November 30, 2022

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Extensions in Google Chrome prior to 108.0.5359.71

CVE-2022-4177 8.8 - High - November 30, 2022

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo in Google Chrome prior to 108.0.5359.71

CVE-2022-4178 8.8 - High - November 30, 2022

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Audio in Google Chrome prior to 108.0.5359.71

CVE-2022-4179 8.8 - High - November 30, 2022

Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo in Google Chrome prior to 108.0.5359.71

CVE-2022-4180 8.8 - High - November 30, 2022

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Dangling pointer

Use after free in Forms in Google Chrome prior to 108.0.5359.71

CVE-2022-4181 8.8 - High - November 30, 2022

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71

CVE-2022-4182 4.3 - Medium - November 30, 2022

Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71

CVE-2022-4183 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71

CVE-2022-4184 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71

CVE-2022-4186 4.3 - Medium - November 30, 2022

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71

CVE-2022-4189 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71

CVE-2022-4190 8.8 - High - November 30, 2022

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71

CVE-2022-4191 8.8 - High - November 30, 2022

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)

Dangling pointer

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71

CVE-2022-4192 8.8 - High - November 30, 2022

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71

CVE-2022-4193 8.8 - High - November 30, 2022

Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71

CVE-2022-4194 8.8 - High - November 30, 2022

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71

CVE-2022-4195 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121

CVE-2022-4135 9.6 - Critical - November 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Skia in Google Chrome prior to 106.0.5249.119

CVE-2022-3445 8.8 - High - November 09, 2022

Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119

CVE-2022-3446 8.8 - High - November 09, 2022

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Permissions API in Google Chrome prior to 106.0.5249.119

CVE-2022-3448 8.8 - High - November 09, 2022

Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119

CVE-2022-3449 8.8 - High - November 09, 2022

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Dangling pointer

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119

CVE-2022-3450 8.8 - High - November 09, 2022

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in V8 in Google Chrome prior to 107.0.5304.106

CVE-2022-3885 8.8 - High - November 09, 2022

Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106

CVE-2022-3887 8.8 - High - November 09, 2022

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106

CVE-2022-3888 8.8 - High - November 09, 2022

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 107.0.5304.106

CVE-2022-3889 8.8 - High - November 09, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106

CVE-2022-3886 8.8 - High - November 09, 2022

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106

CVE-2022-3890 9.6 - Critical - November 09, 2022

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Type confusion in V8 in Google Chrome prior to 107.0.5304.87

CVE-2022-3723 8.8 - High - November 01, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62

CVE-2022-3661 4.3 - Medium - November 01, 2022

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Improper Input Validation

Use after free in Extensions in Google Chrome prior to 107.0.5304.62

CVE-2022-3657 8.8 - High - November 01, 2022

Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

Dangling pointer

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62

CVE-2022-3656 8.8 - High - November 01, 2022

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62

CVE-2022-3655 8.8 - High - November 01, 2022

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Use after free in Layout in Google Chrome prior to 107.0.5304.62

CVE-2022-3654 8.8 - High - November 01, 2022

Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62

CVE-2022-3653 8.8 - High - November 01, 2022

Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Type confusion in V8 in Google Chrome prior to 107.0.5304.62

CVE-2022-3652 8.8 - High - November 01, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62

CVE-2022-3313 6.5 - Medium - November 01, 2022

Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Use after free in import in Google Chrome prior to 106.0.5249.62

CVE-2022-3311 6.5 - Medium - November 01, 2022

Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62

CVE-2022-3443 4.3 - Medium - November 01, 2022

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)

Improper Input Validation

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62

CVE-2022-3316 4.3 - Medium - November 01, 2022

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)

Improper Input Validation

Type confusion in Blink in Google Chrome prior to 106.0.5249.62

CVE-2022-3315 8.8 - High - November 01, 2022

Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Object Type Confusion

Use after free in logging in Google Chrome prior to 106.0.5249.62

CVE-2022-3314 6.5 - Medium - November 01, 2022

Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62

CVE-2022-3312 4.6 - Medium - November 01, 2022

Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)

Improper Input Validation

Use after free in media in Google Chrome prior to 106.0.5249.62

CVE-2022-3307 8.8 - High - November 01, 2022

Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62

CVE-2022-3308 7.4 - High - November 01, 2022

Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62

CVE-2022-3444 4.3 - Medium - November 01, 2022

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)

Improper Input Validation

Use after free in CSS in Google Chrome prior to 106.0.5249.62

CVE-2022-3304 8.8 - High - November 01, 2022

Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91

CVE-2022-3370 8.8 - High - November 01, 2022

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91

CVE-2022-3373 8.8 - High - November 01, 2022

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75

CVE-2019-5797 7.5 - High - September 29, 2022

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Double-free

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101

CVE-2022-2860 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52

CVE-2022-3046 8.8 - High - September 26, 2022

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3041 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Layout in Google Chrome prior to 105.0.5195.52

CVE-2022-3040 8.8 - High - September 26, 2022

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3039 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Network Service in Google Chrome prior to 105.0.5195.52

CVE-2022-3038 8.8 - High - September 26, 2022

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101

CVE-2022-2998 8.8 - High - September 26, 2022

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52

CVE-2022-3058 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.

Dangling pointer

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52

CVE-2022-3057 6.5 - Medium - September 26, 2022

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

AuthZ

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52

CVE-2022-3056 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Use after free in Passwords in Google Chrome prior to 105.0.5195.52

CVE-2022-3055 8.8 - High - September 26, 2022

Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52

CVE-2022-3047 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

AuthZ

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52

CVE-2022-3045 8.8 - High - September 26, 2022

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

AuthZ

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52

CVE-2022-3044 6.5 - Medium - September 26, 2022

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

AuthZ

Use after free in Blink in Google Chrome prior to 104.0.5112.101

CVE-2022-2857 8.8 - High - September 26, 2022

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101

CVE-2022-2855 8.8 - High - September 26, 2022

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101

CVE-2022-2854 8.8 - High - September 26, 2022

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52

CVE-2022-3054 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in FedCM in Google Chrome prior to 104.0.5112.101

CVE-2022-2852 8.8 - High - September 26, 2022

Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3196 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3197 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3198 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in Frames in Google Chrome prior to 105.0.5195.125

CVE-2022-3199 8.8 - High - September 26, 2022

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102

CVE-2022-3075 9.6 - Critical - September 26, 2022

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Improper Input Validation

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125

CVE-2022-3200 8.8 - High - September 26, 2022

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125

CVE-2022-3195 8.8 - High - September 26, 2022

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101

CVE-2022-2861 6.5 - Medium - September 26, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

AuthZ

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101

CVE-2022-2858 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.

Dangling pointer

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101

CVE-2022-2859 8.8 - High - September 26, 2022

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Google? Click the Watch button to subscribe.

Google
Vendor

Google Chrome
Web browser

subscribe