Chrome Google Chrome Web browser

Do you want an email whenever new security vulnerabilities are reported in Google Chrome?

Recent Google Chrome Security Advisories

Advisory Title Published
Chrome Releases: Stable Channel Update for Desktop April 5, 2022
Chrome Releases: Stable Channel Update for Desktop April 5, 2022
Chrome Releases: Stable Channel Update for Desktop April 5, 2022
Chrome Releases: Stable Channel Update for Desktop February 12, 2022
Chrome Releases: Stable Channel Update for Desktop February 12, 2022
Chrome Releases: Stable Channel Update for Desktop February 11, 2022
Chrome Releases: Stable Channel Update for Desktop December 23, 2021
Chrome Releases: Stable Channel Update for Desktop December 23, 2021
Chrome Releases: Stable Channel Update for Desktop November 23, 2021
Chrome Releases: Stable Channel Update for Desktop November 2, 2021

@googlechrome Tweets

Introducing a new side panel search for Google Lens in #Chrome. Now, instead of opening a new tab, stay on the sa… https://t.co/ADyHtfCskU
Tue May 24 16:02:38 +0000 2022

By the Year

In 2022 there have been 91 vulnerabilities in Google Chrome with an average score of 8.2 out of ten. Last year Chrome had 329 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.15.

Year Vulnerabilities Average Score
2022 91 8.16
2021 329 8.00
2020 227 7.62
2019 303 7.07
2018 114 7.08

It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Chrome Security Vulnerabilities

Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80

CVE-2022-0466 9.6 - Critical - April 05, 2022

Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.

Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80

CVE-2022-0462 6.5 - Medium - April 05, 2022

Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80

CVE-2022-0467 8.8 - High - April 05, 2022

Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Use after free in Cast in Google Chrome prior to 99.0.4844.51

CVE-2022-0793 6.5 - Medium - April 05, 2022

Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.

Dangling pointer

Policy bypass in COOP in Google Chrome prior to 98.0.4758.80

CVE-2022-0461 6.5 - Medium - April 05, 2022

Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51

CVE-2022-0808 8.8 - High - April 05, 2022

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.

Dangling pointer

Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51

CVE-2022-0809 8.8 - High - April 05, 2022

Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80

CVE-2022-0452 9.6 - Critical - April 05, 2022

Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Type confusion in V8 in Google Chrome prior to 98.0.4758.80

CVE-2022-0457 8.8 - High - April 05, 2022

Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80

CVE-2022-0459 8.8 - High - April 05, 2022

Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80

CVE-2022-0470 8.8 - High - April 05, 2022

Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51

CVE-2022-0790 9.6 - Critical - April 05, 2022

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome prior to 99.0.4844.51

CVE-2022-0791 8.8 - High - April 05, 2022

Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.

Dangling pointer

Use after free in WebShare in Google Chrome prior to 99.0.4844.51

CVE-2022-0794 8.8 - High - April 05, 2022

Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51

CVE-2022-0795 8.8 - High - April 05, 2022

Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Media in Google Chrome prior to 99.0.4844.51

CVE-2022-0796 8.8 - High - April 05, 2022

Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51

CVE-2022-0797 8.8 - High - April 05, 2022

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Buffer Overflow

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51

CVE-2022-0798 8.8 - High - April 05, 2022

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Dangling pointer

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51

CVE-2022-0799 8.8 - High - April 05, 2022

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.

Improper Privilege Management

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51

CVE-2022-0800 8.8 - High - April 05, 2022

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51

CVE-2022-0803 6.5 - Medium - April 05, 2022

Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.

Incorrect Permission Assignment for Critical Resource

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51

CVE-2022-0805 8.8 - High - April 05, 2022

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

Dangling pointer

Data leak in Canvas in Google Chrome prior to 99.0.4844.51

CVE-2022-0806 6.5 - Medium - April 05, 2022

Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51

CVE-2022-0807 6.5 - Medium - April 05, 2022

Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80

CVE-2022-0454 8.8 - High - April 05, 2022

Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80

CVE-2022-0458 8.8 - High - April 05, 2022

Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80

CVE-2022-0460 8.8 - High - April 05, 2022

Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80

CVE-2022-0464 8.8 - High - April 05, 2022

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

Dangling pointer

Use after free in Extensions in Google Chrome prior to 98.0.4758.80

CVE-2022-0465 8.8 - High - April 05, 2022

Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.

Dangling pointer

Use after free in Payments in Google Chrome prior to 98.0.4758.80

CVE-2022-0468 8.8 - High - April 05, 2022

Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51

CVE-2022-0789 8.8 - High - April 05, 2022

Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51

CVE-2022-0792 6.5 - Medium - April 05, 2022

Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out-of-bounds Read

Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80

CVE-2022-0453 8.8 - High - April 05, 2022

Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Web Search in Google Chrome prior to 98.0.4758.80

CVE-2022-0456 8.8 - High - April 05, 2022

Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.

Dangling pointer

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80

CVE-2022-0463 8.8 - High - April 05, 2022

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

Dangling pointer

Use after free in Cast in Google Chrome prior to 98.0.4758.80

CVE-2022-0469 8.8 - High - April 05, 2022

Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Webstore API in Google Chrome prior to 98.0.4758.102

CVE-2022-0605 8.8 - High - April 05, 2022

Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in GPU in Google Chrome prior to 98.0.4758.102

CVE-2022-0607 8.8 - High - April 05, 2022

Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102

CVE-2022-0610 8.8 - High - April 05, 2022

Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Use after free in ANGLE in Google Chrome prior to 98.0.4758.102

CVE-2022-0606 8.8 - High - April 05, 2022

Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102

CVE-2022-0604 8.8 - High - April 05, 2022

Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102

CVE-2022-0608 8.8 - High - April 05, 2022

Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Integer Overflow or Wraparound

Use after free in Animation in Google Chrome prior to 98.0.4758.102

CVE-2022-0609 8.8 - High - April 05, 2022

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99

CVE-2022-0295 8.8 - High - February 12, 2022

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99

CVE-2022-0307 8.8 - High - February 12, 2022

Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99

CVE-2022-0304 8.8 - High - February 12, 2022

Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99

CVE-2022-0302 8.8 - High - February 12, 2022

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Scheduling in Google Chrome prior to 97.0.4692.99

CVE-2022-0298 8.8 - High - February 12, 2022

Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Vulkan in Google Chrome prior to 97.0.4692.99

CVE-2022-0297 8.8 - High - February 12, 2022

Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Printing in Google Chrome prior to 97.0.4692.99

CVE-2022-0296 8.8 - High - February 12, 2022

Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Web packaging in Google Chrome prior to 97.0.4692.99

CVE-2022-0293 8.8 - High - February 12, 2022

Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Site isolation in Google Chrome prior to 97.0.4692.99

CVE-2022-0290 9.6 - Critical - February 12, 2022

Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99

CVE-2022-0289 8.8 - High - February 12, 2022

Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99

CVE-2022-0301 7.8 - High - February 12, 2022

Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99

CVE-2022-0294 6.5 - Medium - February 12, 2022

Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99

CVE-2022-0292 6.5 - Medium - February 12, 2022

Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99

CVE-2022-0291 6.5 - Medium - February 12, 2022

Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99

CVE-2022-0311 8.8 - High - February 12, 2022

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99

CVE-2022-0310 8.8 - High - February 12, 2022

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

Memory Corruption

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99

CVE-2022-0309 6.5 - Medium - February 12, 2022

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

AuthZ

Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99

CVE-2022-0306 8.8 - High - February 12, 2022

Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99

CVE-2022-0305 6.5 - Medium - February 12, 2022

Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

AuthZ

Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71

CVE-2022-0113 6.5 - Medium - February 12, 2022

Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71

CVE-2022-0114 8.1 - High - February 12, 2022

Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.

Out-of-bounds Read

Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71

CVE-2022-0105 8.8 - High - February 12, 2022

Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71

CVE-2022-0103 8.8 - High - February 12, 2022

Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in V8 in Google Chrome prior to 97.0.4692.71

CVE-2022-0102 8.8 - High - February 12, 2022

Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Storage in Google Chrome prior to 97.0.4692.71

CVE-2022-0096 8.8 - High - February 12, 2022

Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71

CVE-2022-0111 6.5 - Medium - February 12, 2022

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.

Origin Validation Error

Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71

CVE-2022-0110 4.3 - Medium - February 12, 2022

Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Improper Input Validation

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71

CVE-2022-0109 6.5 - Medium - February 12, 2022

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71

CVE-2022-0108 6.5 - Medium - February 12, 2022

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71

CVE-2022-0104 8.8 - High - February 12, 2022

Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71

CVE-2022-0101 8.8 - High - February 12, 2022

Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.

Memory Corruption

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71

CVE-2022-0107 8.8 - High - February 12, 2022

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Autofill in Google Chrome prior to 97.0.4692.71

CVE-2022-0106 8.8 - High - February 12, 2022

Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71

CVE-2022-0100 8.8 - High - February 12, 2022

Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71

CVE-2022-0098 8.8 - High - February 12, 2022

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.

Dangling pointer

Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71

CVE-2022-0112 4.3 - Medium - February 12, 2022

Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.

Use after free in Sign-in in Google Chrome prior to 97.0.4692.71

CVE-2022-0099 8.8 - High - February 12, 2022

Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.

Dangling pointer

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71

CVE-2022-0120 6.5 - Medium - February 12, 2022

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.

Origin Validation Error

Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71

CVE-2022-0118 4.3 - Medium - February 12, 2022

Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.

Policy bypass in Blink in Google Chrome prior to 97.0.4692.71

CVE-2022-0117 6.5 - Medium - February 12, 2022

Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71

CVE-2022-0116 4.3 - Medium - February 12, 2022

Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71

CVE-2022-0097 9.6 - Critical - February 12, 2022

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.

Uninitialized use in File API in Google Chrome prior to 97.0.4692.71

CVE-2022-0115 8.8 - High - February 12, 2022

Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Use of Uninitialized Resource

Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110

CVE-2021-4098 7.4 - High - February 11, 2022

Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Improper Input Validation

Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110

CVE-2021-4099 8.8 - High - February 11, 2022

Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110

CVE-2021-4100 8.8 - High - February 11, 2022

Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110

CVE-2021-4101 8.8 - High - February 11, 2022

Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in V8 in Google Chrome prior to 96.0.4664.110

CVE-2021-4102 8.8 - High - February 11, 2022

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93

CVE-2021-4062 8.8 - High - December 23, 2021

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 96.0.4664.93

CVE-2021-4061 8.8 - High - December 23, 2021

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93

CVE-2021-4059 6.5 - Medium - December 23, 2021

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Improper Input Validation

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93

CVE-2021-4058 8.8 - High - December 23, 2021

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93

CVE-2021-4055 8.8 - High - December 23, 2021

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Memory Corruption

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93

CVE-2021-4053 8.8 - High - December 23, 2021

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93

CVE-2021-4054 6.5 - Medium - December 23, 2021

Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Use after free in file API in Google Chrome prior to 96.0.4664.93

CVE-2021-4057 8.8 - High - December 23, 2021

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in loader in Google Chrome prior to 96.0.4664.93

CVE-2021-4056 8.8 - High - December 23, 2021

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Google? Click the Watch button to subscribe.

Google
Vendor

Google Chrome
Web browser

subscribe