Google Chrome Web browser
Recent Google Chrome Security Advisories
@googlechrome Tweets

Sat Jan 28 17:00:16 +0000 2023
By the Year
In 2023 there have been 14 vulnerabilities in Google Chrome with an average score of 7.2 out of ten. Last year Chrome had 295 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.88
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 14 | 7.17 |
2022 | 295 | 8.05 |
2021 | 329 | 8.00 |
2020 | 227 | 7.62 |
2019 | 303 | 7.07 |
2018 | 114 | 7.08 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74
CVE-2023-0131
6.5 - Medium
- January 10, 2023
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74
CVE-2023-0129
8.8 - High
- January 10, 2023
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
Memory Corruption
Use after free in Cart in Google Chrome prior to 109.0.5414.74
CVE-2023-0134
8.8 - High
- January 10, 2023
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Cart in Google Chrome prior to 109.0.5414.74
CVE-2023-0135
8.8 - High
- January 10, 2023
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74
CVE-2023-0138
8.8 - High
- January 10, 2023
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Memory Corruption
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74
CVE-2023-0141
4.3 - Medium
- January 10, 2023
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81
CVE-2019-13768
7.4 - High
- January 02, 2023
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)
Dangling pointer
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72
CVE-2021-21200
5.4 - Medium
- January 02, 2023
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
Out-of-bounds Read
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77
CVE-2021-30558
8.8 - High
- January 02, 2023
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51
CVE-2022-0801
6.1 - Medium
- January 02, 2023
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
XSS
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79
CVE-2022-2743
8.8 - High
- January 02, 2023
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
Integer Overflow or Wraparound
Use after free in Passwords in Google Chrome prior to 105.0.5195.125
CVE-2022-3842
7.5 - High
- January 02, 2023
Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Browser History in Google Chrome prior to 100.0.4896.75
CVE-2022-3863
6.1 - Medium
- January 02, 2023
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
Dangling pointer
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80
CVE-2022-4025
4.3 - Medium
- January 02, 2023
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
Exposure of Resource to Wrong Sphere
Use after free in Blink Media in Google Chrome prior to 108.0.5359.124
CVE-2022-4436
8.8 - High
- December 14, 2022
Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124
CVE-2022-4437
8.8 - High
- December 14, 2022
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124
CVE-2022-4438
8.8 - High
- December 14, 2022
Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Profiles in Google Chrome prior to 108.0.5359.124
CVE-2022-4440
8.8 - High
- December 14, 2022
Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Type confusion in V8 in Google Chrome prior to 108.0.5359.94
CVE-2022-4262
8.8 - High
- December 02, 2022
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type confusion in V8 in Google Chrome prior to 108.0.5359.71
CVE-2022-4174
8.8 - High
- November 30, 2022
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71
CVE-2022-4175
8.8 - High
- November 30, 2022
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Extensions in Google Chrome prior to 108.0.5359.71
CVE-2022-4177
8.8 - High
- November 30, 2022
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
Dangling pointer
Use after free in Mojo in Google Chrome prior to 108.0.5359.71
CVE-2022-4178
8.8 - High
- November 30, 2022
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Audio in Google Chrome prior to 108.0.5359.71
CVE-2022-4179
8.8 - High
- November 30, 2022
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Dangling pointer
Use after free in Mojo in Google Chrome prior to 108.0.5359.71
CVE-2022-4180
8.8 - High
- November 30, 2022
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Dangling pointer
Use after free in Forms in Google Chrome prior to 108.0.5359.71
CVE-2022-4181
8.8 - High
- November 30, 2022
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71
CVE-2022-4182
4.3 - Medium
- November 30, 2022
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71
CVE-2022-4183
4.3 - Medium
- November 30, 2022
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71
CVE-2022-4184
4.3 - Medium
- November 30, 2022
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71
CVE-2022-4186
4.3 - Medium
- November 30, 2022
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)
Improper Input Validation
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71
CVE-2022-4189
4.3 - Medium
- November 30, 2022
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71
CVE-2022-4190
8.8 - High
- November 30, 2022
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71
CVE-2022-4191
8.8 - High
- November 30, 2022
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)
Dangling pointer
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71
CVE-2022-4192
8.8 - High
- November 30, 2022
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
Dangling pointer
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71
CVE-2022-4193
8.8 - High
- November 30, 2022
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71
CVE-2022-4194
8.8 - High
- November 30, 2022
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71
CVE-2022-4195
4.3 - Medium
- November 30, 2022
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121
CVE-2022-4135
9.6 - Critical
- November 25, 2022
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Skia in Google Chrome prior to 106.0.5249.119
CVE-2022-3445
8.8 - High
- November 09, 2022
Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119
CVE-2022-3446
8.8 - High
- November 09, 2022
Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Permissions API in Google Chrome prior to 106.0.5249.119
CVE-2022-3448
8.8 - High
- November 09, 2022
Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119
CVE-2022-3449
8.8 - High
- November 09, 2022
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Dangling pointer
Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119
CVE-2022-3450
8.8 - High
- November 09, 2022
Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in V8 in Google Chrome prior to 107.0.5304.106
CVE-2022-3885
8.8 - High
- November 09, 2022
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106
CVE-2022-3887
8.8 - High
- November 09, 2022
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106
CVE-2022-3888
8.8 - High
- November 09, 2022
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type confusion in V8 in Google Chrome prior to 107.0.5304.106
CVE-2022-3889
8.8 - High
- November 09, 2022
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106
CVE-2022-3886
8.8 - High
- November 09, 2022
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106
CVE-2022-3890
9.6 - Critical
- November 09, 2022
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type confusion in V8 in Google Chrome prior to 107.0.5304.87
CVE-2022-3723
8.8 - High
- November 01, 2022
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62
CVE-2022-3661
4.3 - Medium
- November 01, 2022
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Improper Input Validation
Use after free in Extensions in Google Chrome prior to 107.0.5304.62
CVE-2022-3657
8.8 - High
- November 01, 2022
Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Dangling pointer
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62
CVE-2022-3656
8.8 - High
- November 01, 2022
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
Improper Input Validation
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62
CVE-2022-3655
8.8 - High
- November 01, 2022
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Memory Corruption
Use after free in Layout in Google Chrome prior to 107.0.5304.62
CVE-2022-3654
8.8 - High
- November 01, 2022
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62
CVE-2022-3653
8.8 - High
- November 01, 2022
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type confusion in V8 in Google Chrome prior to 107.0.5304.62
CVE-2022-3652
8.8 - High
- November 01, 2022
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62
CVE-2022-3313
6.5 - Medium
- November 01, 2022
Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Use after free in import in Google Chrome prior to 106.0.5249.62
CVE-2022-3311
6.5 - Medium
- November 01, 2022
Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62
CVE-2022-3443
4.3 - Medium
- November 01, 2022
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)
Improper Input Validation
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62
CVE-2022-3316
4.3 - Medium
- November 01, 2022
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
Improper Input Validation
Type confusion in Blink in Google Chrome prior to 106.0.5249.62
CVE-2022-3315
8.8 - High
- November 01, 2022
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Object Type Confusion
Use after free in logging in Google Chrome prior to 106.0.5249.62
CVE-2022-3314
6.5 - Medium
- November 01, 2022
Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62
CVE-2022-3312
4.6 - Medium
- November 01, 2022
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)
Improper Input Validation
Use after free in media in Google Chrome prior to 106.0.5249.62
CVE-2022-3307
8.8 - High
- November 01, 2022
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62
CVE-2022-3308
7.4 - High
- November 01, 2022
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62
CVE-2022-3444
4.3 - Medium
- November 01, 2022
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)
Improper Input Validation
Use after free in CSS in Google Chrome prior to 106.0.5249.62
CVE-2022-3304
8.8 - High
- November 01, 2022
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91
CVE-2022-3370
8.8 - High
- November 01, 2022
Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91
CVE-2022-3373
8.8 - High
- November 01, 2022
Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75
CVE-2019-5797
7.5 - High
- September 29, 2022
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Double-free
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101
CVE-2022-2860
6.5 - Medium
- September 26, 2022
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52
CVE-2022-3046
8.8 - High
- September 26, 2022
Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52
CVE-2022-3041
8.8 - High
- September 26, 2022
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Layout in Google Chrome prior to 105.0.5195.52
CVE-2022-3040
8.8 - High
- September 26, 2022
Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52
CVE-2022-3039
8.8 - High
- September 26, 2022
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Network Service in Google Chrome prior to 105.0.5195.52
CVE-2022-3038
8.8 - High
- September 26, 2022
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101
CVE-2022-2998
8.8 - High
- September 26, 2022
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52
CVE-2022-3058
8.8 - High
- September 26, 2022
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
Dangling pointer
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52
CVE-2022-3057
6.5 - Medium
- September 26, 2022
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
AuthZ
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52
CVE-2022-3056
6.5 - Medium
- September 26, 2022
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
AuthZ
Use after free in Passwords in Google Chrome prior to 105.0.5195.52
CVE-2022-3055
8.8 - High
- September 26, 2022
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52
CVE-2022-3047
6.5 - Medium
- September 26, 2022
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
AuthZ
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52
CVE-2022-3045
8.8 - High
- September 26, 2022
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
AuthZ
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52
CVE-2022-3044
6.5 - Medium
- September 26, 2022
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
AuthZ
Use after free in Blink in Google Chrome prior to 104.0.5112.101
CVE-2022-2857
8.8 - High
- September 26, 2022
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101
CVE-2022-2855
8.8 - High
- September 26, 2022
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101
CVE-2022-2854
8.8 - High
- September 26, 2022
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52
CVE-2022-3054
6.5 - Medium
- September 26, 2022
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in FedCM in Google Chrome prior to 104.0.5112.101
CVE-2022-2852
8.8 - High
- September 26, 2022
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in PDF in Google Chrome prior to 105.0.5195.125
CVE-2022-3196
8.8 - High
- September 26, 2022
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 105.0.5195.125
CVE-2022-3197
8.8 - High
- September 26, 2022
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 105.0.5195.125
CVE-2022-3198
8.8 - High
- September 26, 2022
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Use after free in Frames in Google Chrome prior to 105.0.5195.125
CVE-2022-3199
8.8 - High
- September 26, 2022
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102
CVE-2022-3075
9.6 - Critical
- September 26, 2022
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Improper Input Validation
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125
CVE-2022-3200
8.8 - High
- September 26, 2022
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125
CVE-2022-3195
8.8 - High
- September 26, 2022
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101
CVE-2022-2861
6.5 - Medium
- September 26, 2022
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
AuthZ
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101
CVE-2022-2858
8.8 - High
- September 26, 2022
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
Dangling pointer
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101
CVE-2022-2859
8.8 - High
- September 26, 2022
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by Google? Click the Watch button to subscribe.
