Google Chrome Web browser
Recent Google Chrome Security Advisories
Known Exploited Google Chrome Vulnerabilities
The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Google Chrome Skia Integer Overflow Vulnerability | Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 | April 21, 2023 |
Google Chrome Use-After-Free Vulnerability | Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 | March 30, 2023 |
Google Chrome Heap Buffer Overflow Vulnerability | Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 | November 28, 2022 |
Google Chrome Intents Insufficient Input Validation Vulnerability | Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 | August 18, 2022 |
Google Chrome Use-After-Free Vulnerability | Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 | May 23, 2022 |
Google Chrome Use-After-Free Vulnerability | Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 | May 23, 2022 |
Google Chrome Use-After-Free Vulnerability | The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. CVE-2022-0609 | February 15, 2022 |
Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability | Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. CVE-2020-6572 | January 10, 2022 |
Google Chrome Browser V8 Arbitrary Code Execution | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 | November 3, 2021 |
Google Chrome FreeType Memory Corruption | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 | November 3, 2021 |
Google Chrome WebGL Use-After-Free Vulnerability | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 | November 3, 2021 |
Google Chrome Use-After-Free Vulnerability | Google Chrome use-after-free error within the V8 browser engine. CVE-2021-37975 | November 3, 2021 |
Google Chrome Use-After-Free Vulnerability | Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. CVE-2021-37973 | November 3, 2021 |
Google Chrome Use-After-Free Vulnerability | Google Chrome Use-After-Free vulnerability CVE-2021-30633 | November 3, 2021 |
Google Chrome Out-of-bounds write | Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. CVE-2021-30632 | November 3, 2021 |
Google Chrome Information Leakage | Information disclosure in Google Chrome that exists due to excessive data output in core. CVE-2021-37976 | November 3, 2021 |
Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability | Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 | November 3, 2021 |
Google Chrome Heap Buffer Overflow in WebAudio Vulnerability | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 | November 3, 2021 |
By the Year
In 2024 there have been 76 vulnerabilities in Google Chrome with an average score of 8.0 out of ten. Last year Chrome had 247 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.49.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 76 | 8.02 |
2023 | 247 | 7.53 |
2022 | 295 | 8.05 |
2021 | 329 | 8.00 |
2020 | 227 | 7.62 |
2019 | 303 | 7.07 |
2018 | 114 | 7.08 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139
CVE-2024-2884
6.5 - Medium
- July 16, 2024
Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Out-of-bounds Read
Use after free in DevTools in Google Chrome prior to 122.0.6261.57
CVE-2024-3168
8.8 - High
- July 16, 2024
Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in V8 in Google Chrome prior to 121.0.6167.139
CVE-2024-3169
8.8 - High
- July 16, 2024
Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in WebRTC in Google Chrome prior to 121.0.6167.85
CVE-2024-3170
8.8 - High
- July 16, 2024
Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57
CVE-2024-3171
8.8 - High
- July 16, 2024
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85
CVE-2024-3172
8.8 - High
- July 16, 2024
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62
CVE-2024-3173
8.8 - High
- July 16, 2024
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Insufficient Verification of Data Authenticity
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105
CVE-2024-3174
8.8 - High
- July 16, 2024
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62
CVE-2024-3175
6.3 - Medium
- July 16, 2024
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62
CVE-2024-3176
8.8 - High
- July 16, 2024
Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351
CVE-2024-5500
6.5 - Medium
- July 16, 2024
Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page
CVE-2024-6100
8.8 - High
- June 20, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114
CVE-2024-6101
8.8 - High
- June 20, 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114
CVE-2024-6102
8.8 - High
- June 20, 2024
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Dawn in Google Chrome prior to 126.0.6478.114
CVE-2024-6103
8.8 - High
- June 20, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5830
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5831
8.8 - High
- June 11, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5832
8.8 - High
- June 11, 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5833
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54
CVE-2024-5834
8.8 - High
- June 11, 2024
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54
CVE-2024-5835
8.8 - High
- June 11, 2024
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54
CVE-2024-5836
8.8 - High
- June 11, 2024
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5837
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5838
8.8 - High
- June 11, 2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54
CVE-2024-5839
6.5 - Medium
- June 11, 2024
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54
CVE-2024-5840
6.5 - Medium
- June 11, 2024
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Use after free in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-5841
8.8 - High
- June 11, 2024
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54
CVE-2024-5842
8.8 - High
- June 11, 2024
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54
CVE-2024-5843
6.5 - Medium
- June 11, 2024
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54
CVE-2024-5844
8.8 - High
- June 11, 2024
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Memory Corruption
Use after free in Audio in Google Chrome prior to 126.0.6478.54
CVE-2024-5845
8.8 - High
- June 11, 2024
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Dangling pointer
Use after free in PDFium in Google Chrome prior to 126.0.6478.54
CVE-2024-5846
8.8 - High
- June 11, 2024
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Dangling pointer
Use after free in PDFium in Google Chrome prior to 126.0.6478.54
CVE-2024-5847
8.8 - High
- June 11, 2024
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112
CVE-2024-5274
8.8 - High
- May 28, 2024
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60
CVE-2024-4947
8.8 - High
- May 15, 2024
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207
CVE-2024-4761
8.8 - High
- May 14, 2024
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Visuals in Google Chrome prior to 124.0.6367.201
CVE-2024-4671
9.6 - Critical
- May 14, 2024
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78
CVE-2024-4058
8.8 - High
- May 01, 2024
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Object Type Confusion
Use after free in Downloads in Google Chrome prior to 124.0.6367.60
CVE-2024-3834
8.8 - High
- April 17, 2024
Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in QUIC in Google Chrome prior to 124.0.6367.60
CVE-2024-3837
8.8 - High
- April 17, 2024
Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60
CVE-2024-3838
5.5 - Medium
- April 17, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60
CVE-2024-3839
6.5 - Medium
- April 17, 2024
Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Out-of-bounds Read
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105
CVE-2024-3156
8.8 - High
- April 06, 2024
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105
CVE-2024-3158
8.8 - High
- April 06, 2024
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105
CVE-2024-3159
8.8 - High
- April 06, 2024
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58
CVE-2024-2631
4.3 - Medium
- March 20, 2024
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58
CVE-2024-2630
6.5 - Medium
- March 20, 2024
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58
CVE-2024-2629
4.3 - Medium
- March 20, 2024
Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58
CVE-2024-2628
4.3 - Medium
- March 20, 2024
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)
Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58
CVE-2024-2626
6.5 - Medium
- March 20, 2024
Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Out-of-bounds Read
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58
CVE-2024-2625
8.8 - High
- March 20, 2024
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Canvas in Google Chrome prior to 123.0.6312.58
CVE-2024-2627
8.8 - High
- March 20, 2024
Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160
CVE-2024-1283
9.8 - Critical
- February 07, 2024
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Mojo in Google Chrome prior to 121.0.6167.160
CVE-2024-1284
9.8 - Critical
- February 07, 2024
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139
CVE-2024-1059
8.8 - High
- January 30, 2024
Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Canvas in Google Chrome prior to 121.0.6167.139
CVE-2024-1060
8.8 - High
- January 30, 2024
Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Network in Google Chrome prior to 121.0.6167.139
CVE-2024-1077
8.8 - High
- January 30, 2024
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Dangling pointer
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85
CVE-2024-0804
7.5 - High
- January 24, 2024
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85
CVE-2024-0805
4.3 - Medium
- January 24, 2024
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Use after free in Passwords in Google Chrome prior to 121.0.6167.85
CVE-2024-0806
8.8 - High
- January 24, 2024
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Dangling pointer
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85
CVE-2024-0807
8.8 - High
- January 24, 2024
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85
CVE-2024-0808
9.8 - Critical
- January 24, 2024
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Integer underflow
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85
CVE-2024-0809
4.3 - Medium
- January 24, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85
CVE-2024-0810
4.3 - Medium
- January 24, 2024
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85
CVE-2024-0811
4.3 - Medium
- January 24, 2024
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85
CVE-2024-0812
8.8 - High
- January 24, 2024
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85
CVE-2024-0813
8.8 - High
- January 24, 2024
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Dangling pointer
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85
CVE-2024-0814
6.5 - Medium
- January 24, 2024
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Origin Validation Error
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224
CVE-2024-0517
8.8 - High
- January 16, 2024
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type confusion in V8 in Google Chrome prior to 120.0.6099.224
CVE-2024-0518
8.8 - High
- January 16, 2024
Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224
CVE-2024-0519
8.8 - High
- January 16, 2024
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216
CVE-2024-0333
5.3 - Medium
- January 10, 2024
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
Use after free in WebGPU in Google Chrome prior to 120.0.6099.199
CVE-2024-0225
8.8 - High
- January 04, 2024
Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in WebAudio in Google Chrome prior to 120.0.6099.199
CVE-2024-0224
8.8 - High
- January 04, 2024
Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199
CVE-2024-0222
8.8 - High
- January 04, 2024
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199
CVE-2024-0223
8.8 - High
- January 04, 2024
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129
CVE-2023-7024
8.8 - High
- December 21, 2023
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type confusion in V8 in Google Chrome prior to 120.0.6099.109
CVE-2023-6702
8.8 - High
- December 14, 2023
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Blink in Google Chrome prior to 120.0.6099.109
CVE-2023-6703
8.8 - High
- December 14, 2023
Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in libavif in Google Chrome prior to 120.0.6099.109
CVE-2023-6704
8.8 - High
- December 14, 2023
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
Dangling pointer
Use after free in WebRTC in Google Chrome prior to 120.0.6099.109
CVE-2023-6705
8.8 - High
- December 14, 2023
Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in FedCM in Google Chrome prior to 120.0.6099.109
CVE-2023-6706
8.8 - High
- December 14, 2023
Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in CSS in Google Chrome prior to 120.0.6099.109
CVE-2023-6707
8.8 - High
- December 14, 2023
Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62
CVE-2023-6508
8.8 - High
- December 06, 2023
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62
CVE-2023-6509
8.8 - High
- December 06, 2023
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)
Dangling pointer
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62
CVE-2023-6510
8.8 - High
- December 06, 2023
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62
CVE-2023-6511
4.3 - Medium
- December 06, 2023
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62
CVE-2023-6512
6.5 - Medium
- December 06, 2023
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199
CVE-2023-6348
8.8 - High
- November 29, 2023
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in libavif in Google Chrome prior to 119.0.6045.199
CVE-2023-6350
8.8 - High
- November 29, 2023
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Dangling pointer
Use after free in Mojo in Google Chrome prior to 119.0.6045.199
CVE-2023-6347
8.8 - High
- November 29, 2023
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199
CVE-2023-6346
8.8 - High
- November 29, 2023
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in libavif in Google Chrome prior to 119.0.6045.199
CVE-2023-6351
8.8 - High
- November 29, 2023
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Dangling pointer
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199
CVE-2023-6345
9.6 - Critical
- November 29, 2023
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Integer Overflow or Wraparound
Use after free in Navigation in Google Chrome prior to 119.0.6045.159
CVE-2023-6112
8.8 - High
- November 15, 2023
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159
CVE-2023-5997
8.8 - High
- November 15, 2023
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123
CVE-2023-5996
8.8 - High
- November 08, 2023
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105
CVE-2023-5856
8.8 - High
- November 01, 2023
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105
CVE-2023-5855
8.8 - High
- November 01, 2023
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Use after free in Profiles in Google Chrome prior to 119.0.6045.105
CVE-2023-5854
8.8 - High
- November 01, 2023
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Google? Click the Watch button to subscribe.
![subscribe](/images/undraw_subscriber_vabu.png)