Chrome Google Chrome Web browser

  1. Vendors
  2. Google
  3. Chrome
Do you want an email whenever new security vulnerabilities are reported in Google Chrome?

Recent Google Chrome Security Advisories

Advisory Title Published
Chrome Releases: Stable Channel Update for Desktop May 30, 2023
Chrome Releases: Stable Channel Update for Desktop April 19, 2023
Chrome Releases: Stable Channel Update for Desktop April 14, 2023
Chrome Releases: Stable Channel Update for Desktop April 4, 2023
Chrome Releases: Stable Channel Update for Desktop March 21, 2023
Chrome Releases: Stable Channel Desktop Update February 22, 2023
Chrome Releases: Stable Channel Update for Desktop February 7, 2023
Chrome Releases: Stable Channel Update for Desktop January 30, 2023
Chrome Releases: Stable Channel Update for Desktop January 10, 2023
Chrome Releases: Stable Channel Update for Desktop January 2, 2023

Known Exploited Google Chrome Vulnerabilities

The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Chrome Skia Integer Overflow Vulnerability Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 April 21, 2023
Google Chrome Use-After-Free Vulnerability Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 March 30, 2023
Google Chrome Heap Buffer Overflow Vulnerability Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 November 28, 2022
Google Chrome Intents Insufficient Input Validation Vulnerability Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 August 18, 2022
Google Chrome Use-After-Free Vulnerability Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 May 23, 2022
Google Chrome Use-After-Free Vulnerability Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 May 23, 2022
Google Chrome Use-After-Free Vulnerability The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. CVE-2022-0609 February 15, 2022
Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. CVE-2020-6572 January 10, 2022
Google Chrome Browser V8 Arbitrary Code Execution Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 November 3, 2021
Google Chrome FreeType Memory Corruption Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 November 3, 2021
Google Chrome WebGL Use-After-Free Vulnerability Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 November 3, 2021
Google Chrome Use-After-Free Vulnerability Google Chrome use-after-free error within the V8 browser engine. CVE-2021-37975 November 3, 2021
Google Chrome Use-After-Free Vulnerability Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. CVE-2021-37973 November 3, 2021
Google Chrome Use-After-Free Vulnerability Google Chrome Use-After-Free vulnerability CVE-2021-30633 November 3, 2021
Google Chrome Out-of-bounds write Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. CVE-2021-30632 November 3, 2021
Google Chrome Information Leakage Information disclosure in Google Chrome that exists due to excessive data output in core. CVE-2021-37976 November 3, 2021
Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 November 3, 2021
Google Chrome Heap Buffer Overflow in WebAudio Vulnerability Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 November 3, 2021

By the Year

In 2023 there have been 100 vulnerabilities in Google Chrome with an average score of 7.6 out of ten. Last year Chrome had 295 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.46

Year Vulnerabilities Average Score
2023 100 7.59
2022 295 8.05
2021 329 8.00
2020 227 7.62
2019 303 7.07
2018 114 7.08

It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Chrome Security Vulnerabilities

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90

CVE-2023-2940 6.5 - Medium - May 30, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90

CVE-2023-2929 8.8 - High - May 30, 2023

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Extensions in Google Chrome prior to 114.0.5735.90

CVE-2023-2930 8.8 - High - May 30, 2023

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2931 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2932 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2933 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90

CVE-2023-2934 8.8 - High - May 30, 2023

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90

CVE-2023-2935 8.8 - High - May 30, 2023

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90

CVE-2023-2936 8.8 - High - May 30, 2023

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90

CVE-2023-2937 4.3 - Medium - May 30, 2023

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90

CVE-2023-2938 4.3 - Medium - May 30, 2023

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90

CVE-2023-2941 4.3 - Medium - May 30, 2023

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

Use after free in Navigation in Google Chrome prior to 113.0.5672.126

CVE-2023-2721 8.8 - High - May 16, 2023

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Dangling pointer

Use after free in DevTools in Google Chrome prior to 113.0.5672.126

CVE-2023-2723 8.8 - High - May 16, 2023

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 113.0.5672.126

CVE-2023-2724 8.8 - High - May 16, 2023

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Guest View in Google Chrome prior to 113.0.5672.126

CVE-2023-2725 8.8 - High - May 16, 2023

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126

CVE-2023-2726 8.8 - High - May 16, 2023

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2459 6.5 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63

CVE-2023-2460 7.1 - High - May 03, 2023

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2462 4.3 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63

CVE-2023-2464 4.3 - Medium - May 03, 2023

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63

CVE-2023-2465 4.3 - Medium - May 03, 2023

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2466 4.3 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63

CVE-2023-2468 4.3 - Medium - May 03, 2023

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137

CVE-2023-2133 8.8 - High - April 19, 2023

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137

CVE-2023-2134 8.8 - High - April 19, 2023

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in DevTools in Google Chrome prior to 112.0.5615.137

CVE-2023-2135 7.5 - High - April 19, 2023

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137

CVE-2023-2136 9.6 - Critical - April 19, 2023

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Integer Overflow or Wraparound

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137

CVE-2023-2137 8.8 - High - April 19, 2023

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Type confusion in V8 in Google Chrome prior to 112.0.5615.121

CVE-2023-2033 8.8 - High - April 14, 2023

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49

CVE-2023-1810 8.8 - High - April 04, 2023

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Frames in Google Chrome prior to 112.0.5615.49

CVE-2023-1811 8.8 - High - April 04, 2023

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49

CVE-2023-1812 8.8 - High - April 04, 2023

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Buffer Overflow

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49

CVE-2023-1813 6.5 - Medium - April 04, 2023

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49

CVE-2023-1814 6.5 - Medium - April 04, 2023

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49

CVE-2023-1815 8.8 - High - April 04, 2023

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49

CVE-2023-1816 6.5 - Medium - April 04, 2023

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49

CVE-2023-1817 6.5 - Medium - April 04, 2023

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49

CVE-2023-1818 8.8 - High - April 04, 2023

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49

CVE-2023-1819 6.5 - Medium - April 04, 2023

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Out-of-bounds Read

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49

CVE-2023-1820 8.8 - High - April 04, 2023

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49

CVE-2023-1821 6.5 - Medium - April 04, 2023

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49

CVE-2023-1822 6.5 - Medium - April 04, 2023

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49

CVE-2023-1823 6.5 - Medium - April 04, 2023

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110

CVE-2023-1529 9.8 - Critical - March 21, 2023

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)

Buffer Overflow

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110

CVE-2023-1532 8.8 - High - March 21, 2023

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Out-of-bounds Read

Use after free in Passwords in Google Chrome prior to 111.0.5563.110

CVE-2023-1528 8.8 - High - March 21, 2023

Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110

CVE-2023-1534 8.8 - High - March 21, 2023

Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 111.0.5563.110

CVE-2023-1530 8.8 - High - March 21, 2023

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110

CVE-2023-1531 8.8 - High - March 21, 2023

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110

CVE-2023-1533 8.8 - High - March 21, 2023

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64

CVE-2023-1213 8.8 - High - March 07, 2023

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 111.0.5563.64

CVE-2023-1214 8.8 - High - March 07, 2023

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type confusion in CSS in Google Chrome prior to 111.0.5563.64

CVE-2023-1215 8.8 - High - March 07, 2023

Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in DevTools in Google Chrome prior to 111.0.5563.64

CVE-2023-1216 8.8 - High - March 07, 2023

Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 111.0.5563.64

CVE-2023-1218 8.8 - High - March 07, 2023

Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64

CVE-2023-1219 8.8 - High - March 07, 2023

Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64

CVE-2023-1220 8.8 - High - March 07, 2023

Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64

CVE-2023-1221 4.3 - Medium - March 07, 2023

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64

CVE-2023-1222 8.8 - High - March 07, 2023

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64

CVE-2023-1224 4.3 - Medium - March 07, 2023

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64

CVE-2023-1226 6.5 - Medium - March 07, 2023

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64

CVE-2023-1229 4.3 - Medium - March 07, 2023

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Incorrect Default Permissions

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64

CVE-2023-1232 4.3 - Medium - March 07, 2023

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64

CVE-2023-1233 4.3 - Medium - March 07, 2023

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64

CVE-2023-1235 6.3 - Medium - March 07, 2023

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

Object Type Confusion

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64

CVE-2023-1236 4.3 - Medium - March 07, 2023

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177

CVE-2023-0933 8.8 - High - February 22, 2023

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Integer Overflow or Wraparound

Use after free in Prompts in Google Chrome prior to 110.0.5481.177

CVE-2023-0941 8.8 - High - February 22, 2023

Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Dangling pointer

Use after free in Video in Google Chrome prior to 110.0.5481.177

CVE-2023-0931 8.8 - High - February 22, 2023

Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Vulkan in Google Chrome prior to 110.0.5481.177

CVE-2023-0929 8.8 - High - February 22, 2023

Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177

CVE-2023-0930 8.8 - High - February 22, 2023

Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177

CVE-2023-0928 8.8 - High - February 22, 2023

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in GPU in Google Chrome prior to 110.0.5481.77

CVE-2023-0699 8.8 - High - February 07, 2023

Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)

Dangling pointer

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77

CVE-2023-0700 6.5 - Medium - February 07, 2023

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77

CVE-2023-0701 8.8 - High - February 07, 2023

Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)

Memory Corruption

Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77

CVE-2023-0702 8.8 - High - February 07, 2023

Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Object Type Confusion

Type confusion in DevTools in Google Chrome prior to 110.0.5481.77

CVE-2023-0703 8.8 - High - February 07, 2023

Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)

Object Type Confusion

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77

CVE-2023-0704 6.5 - Medium - February 07, 2023

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)

Integer overflow in Core in Google Chrome prior to 110.0.5481.77

CVE-2023-0705 7.5 - High - February 07, 2023

Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Integer Overflow or Wraparound

Type confusion in V8 in Google Chrome prior to 110.0.5481.77

CVE-2023-0696 8.8 - High - February 07, 2023

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77

CVE-2023-0698 8.8 - High - February 07, 2023

Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Out-of-bounds Read

Use after free in WebTransport in Google Chrome prior to 109.0.5414.119

CVE-2023-0471 8.8 - High - January 30, 2023

Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 109.0.5414.119

CVE-2023-0472 8.8 - High - January 30, 2023

Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119

CVE-2023-0473 8.8 - High - January 30, 2023

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Object Type Confusion

Use after free in GuestView in Google Chrome prior to 109.0.5414.119

CVE-2023-0474 8.8 - High - January 30, 2023

Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74

CVE-2023-0141 4.3 - Medium - January 10, 2023

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74

CVE-2023-0138 8.8 - High - January 10, 2023

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0135 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74

CVE-2023-0129 8.8 - High - January 10, 2023

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

Memory Corruption

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0134 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74

CVE-2023-0131 6.5 - Medium - January 10, 2023

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80

CVE-2022-4025 4.3 - Medium - January 02, 2023

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)

Exposure of Resource to Wrong Sphere

Use after free in Browser History in Google Chrome prior to 100.0.4896.75

CVE-2022-3863 6.1 - Medium - January 02, 2023

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

Use after free in Passwords in Google Chrome prior to 105.0.5195.125

CVE-2022-3842 7.5 - High - January 02, 2023

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79

CVE-2022-2743 8.8 - High - January 02, 2023

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)

Integer Overflow or Wraparound

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30558 8.8 - High - January 02, 2023

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81

CVE-2019-13768 7.4 - High - January 02, 2023

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72

CVE-2021-21200 5.4 - Medium - January 02, 2023

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

Out-of-bounds Read

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51

CVE-2022-0801 6.1 - Medium - January 02, 2023

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Google Chrome or by Google? Click the Watch button to subscribe.

Google
Vendor

Google Chrome
Web browser

subscribe