Google Chrome Web browser
Known Exploited Google Chrome Vulnerabilities
The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Google Chrome Skia Integer Overflow Vulnerability | Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 Exploit Probability: 0.4% | April 21, 2023 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 Exploit Probability: 36.0% | March 30, 2023 |
| Google Chrome Heap Buffer Overflow Vulnerability | Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 Exploit Probability: 0.1% | November 28, 2022 |
| Google Chrome Intents Insufficient Input Validation Vulnerability | Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 Exploit Probability: 5.1% | August 18, 2022 |
| Google Chrome Use-After-Free Vulnerability | Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 Exploit Probability: 89.7% | May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 Exploit Probability: 90.3% | May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability | The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. CVE-2022-0609 Exploit Probability: 41.5% | February 15, 2022 |
| Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability | Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. CVE-2020-6572 Exploit Probability: 15.0% | January 10, 2022 |
| Google Chrome Browser V8 Arbitrary Code Execution | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 Exploit Probability: 3.6% | November 3, 2021 |
| Google Chrome FreeType Memory Corruption | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 Exploit Probability: 92.9% | November 3, 2021 |
| Google Chrome WebGL Use-After-Free Vulnerability | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 Exploit Probability: 4.6% | November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome use-after-free error within the V8 browser engine. CVE-2021-37975 Exploit Probability: 62.9% | November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability | Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. CVE-2021-37973 Exploit Probability: 4.3% | November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome Use-After-Free vulnerability CVE-2021-30633 Exploit Probability: 38.2% | November 3, 2021 |
| Google Chrome Out-of-bounds write | Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. CVE-2021-30632 Exploit Probability: 83.2% | November 3, 2021 |
| Google Chrome Information Leakage | Information disclosure in Google Chrome that exists due to excessive data output in core. CVE-2021-37976 Exploit Probability: 6.6% | November 3, 2021 |
| Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability | Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 Exploit Probability: 21.4% | November 3, 2021 |
| Google Chrome Heap Buffer Overflow in WebAudio Vulnerability | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 Exploit Probability: 42.2% | November 3, 2021 |
Of the known exploited vulnerabilities above, 4 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited Google Chrome vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
EOL Dates
Ensure that you are using a supported version of Google Chrome. Here are some end-of-life and end-of-support dates for Google Chrome.
| Release | EOL Date | Status |
|---|---|---|
| 143 | - | Active |
| 142 | December 2, 2025 | EOL. Google Chrome 142 became EOL in 2025. |
| 141 | October 28, 2025 | EOL. Google Chrome 141 became EOL in 2025. |
| 140 | September 30, 2025 | EOL. Google Chrome 140 became EOL in 2025. |
| 139 | September 2, 2025 | EOL. Google Chrome 139 became EOL in 2025. |
| 138 | August 5, 2025 | EOL. Google Chrome 138 became EOL in 2025. |
| 137 | June 24, 2025 | EOL. Google Chrome 137 became EOL in 2025. |
| 136 | May 27, 2025 | EOL. Google Chrome 136 became EOL in 2025. |
| 135 | April 29, 2025 | EOL. Google Chrome 135 became EOL in 2025. |
| 134 | April 1, 2025 | EOL. Google Chrome 134 became EOL in 2025. |
| 133 | March 4, 2025 | EOL. Google Chrome 133 became EOL in 2025. |
| 132 | February 4, 2025 | EOL. Google Chrome 132 became EOL in 2025. |
| 131 | January 14, 2025 | EOL. Google Chrome 131 became EOL in 2025. |
| 130 | November 12, 2024 | EOL. Google Chrome 130 became EOL in 2024. |
| 129 | October 15, 2024 | EOL. Google Chrome 129 became EOL in 2024. |
| 128 | September 17, 2024 | EOL. Google Chrome 128 became EOL in 2024. |
| 127 | August 20, 2024 | EOL. Google Chrome 127 became EOL in 2024. |
| 126 | July 23, 2024 | EOL. Google Chrome 126 became EOL in 2024. |
| 125 | June 11, 2024 | EOL. Google Chrome 125 became EOL in 2024. |
| 124 | May 14, 2024 | EOL. Google Chrome 124 became EOL in 2024. |
By the Year
In 2026 there has been 1 vulnerability in Google Chrome, with an average score of 8.8 out of ten. Last year, in 2025, Chrome had 204 security vulnerabilities published. Right now, Chrome is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.96.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 8.80 |
| 2025 | 204 | 6.84 |
| 2024 | 266 | 7.73 |
| 2023 | 297 | 7.39 |
| 2022 | 342 | 7.96 |
| 2021 | 330 | 8.00 |
| 2020 | 228 | 7.64 |
| 2019 | 304 | 7.07 |
| 2018 | 114 | 7.08 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192
CVE-2026-0628
8.8 - High
- January 06, 2026
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
AuthZ
V8 OOB Read/Write in Google Chrome <143.0.7499.147
CVE-2025-14766
8.8 - High
- December 16, 2025
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Google Chrome WebGPU UAF in v143.0.7499.147
CVE-2025-14765
8.8 - High
- December 16, 2025
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome Android <143.0.7499.110 Domain Spoof via Toolbar (Chromium)
CVE-2025-14373
4.3 - Medium
- December 12, 2025
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Clickjacking
UAF in Chrome Password Manager <143.0.7499.110 sandbox escape
CVE-2025-14372
6.1 - Medium
- December 12, 2025
Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Out-of-Bounds in ANGLE, Google Chrome <143.0.7499.110, Mac
CVE-2025-14174
8.8 - High
- December 12, 2025
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow
CVE-2025-13992: Chrome Side-Channel Leak Bypass Isolation pre-139.0.7258.66
CVE-2025-13992
4.7 - Medium
- December 03, 2025
Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
Improper Protection Against Physical Side Channels
UAF via Digital Credentials Heap Corruption in Chrome <143.0.7499.41
CVE-2025-13633
8.8 - High
- December 02, 2025
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap Corruption Race in V8 -> Chrome <143.0.7499.41
CVE-2025-13721
7.5 - High
- December 02, 2025
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Race Condition
Chrome <143.0.7499.41 Bad cast in Loader -> Heap Corruption via HTML
CVE-2025-13720
8.8 - High
- December 02, 2025
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Incorrect Type Conversion or Cast
Chrome Password Bypass via Physical Access (143.0.7499.41)
CVE-2025-13640
3.5 - Low
- December 02, 2025
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
Google Chrome WebRTC arbitrary RW before 143.0.7499.41
CVE-2025-13639
8.1 - High
- December 02, 2025
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
XSS
UA-FREE in Chrome Media Stream (pre-143.0.7499.41)
CVE-2025-13638
8.8 - High
- December 02, 2025
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Dangling pointer
Chrome <143: UI Gesture Bypass Download Protection
CVE-2025-13637
4.3 - Medium
- December 02, 2025
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)
The UI Performs the Wrong Action
Google Chrome UI Spoofing via Split View <143.0.7499.41
CVE-2025-13636
4.3 - Medium
- December 02, 2025
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
Authentication Bypass by Spoofing
Google Chrome Downloads UI Spoofing before 143.0.7499.41
CVE-2025-13635
4.4 - Medium
- December 02, 2025
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Authentication Bypass by Spoofing
Chrome<143.0.7499.41 Local MOW Bypass via Downloads
CVE-2025-13634
4.4 - Medium
- December 02, 2025
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
Authentication Bypass by Spoofing
Google Chrome Mac OS <=143.0.7499.40 PrivEsc via Google Updater crafted file
CVE-2025-13631
8.8 - High
- December 02, 2025
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
Chrome <=143.0.7499.41 DevTools Sandbox Escape CVE-2025-13632
CVE-2025-13632
5.4 - Medium
- December 02, 2025
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)
Unexpected Sign Extension
V8 Type Confusion -> heap corruption in Chrome <143.0.7499.41
CVE-2025-13630
8.8 - High
- December 02, 2025
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Google Chrome V8 Heap Corrupt via Type Confusion before 142.0.7444.59
CVE-2025-13230
8.8 - High
- November 17, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
High Severity Type Confusion in Chrome V8 before 142.0.7444.59 Heap Corruption
CVE-2025-13229
8.8 - High
- November 17, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Chrome V8 Heap Corruption via Type Confusion <142.0.7444.59
CVE-2025-13228
8.8 - High
- November 17, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
V8 Type Confusion in Google Chrome <142.0.7444.59 Heap Corrupt
CVE-2025-13227
8.8 - High
- November 17, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Chrome V8 Type Confusion before 142.0.7444.59
CVE-2025-13226
8.8 - High
- November 17, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 of Google Chrome <142.0.7444.175 via HTML Heap Corruption
CVE-2025-13224
8.8 - High
- November 17, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 (Chrome <142.0.7444.175) Allows Heap Corruption
CVE-2025-13223
8.8 - High
- November 17, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
UI Spoofing via Compositing in Google Chrome <140.0.7339.80
CVE-2025-13107
4.3 - Medium
- November 14, 2025
Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Chrome UI Spoof via Autofill (before 124.0.6367.60)
CVE-2024-7021
4.3 - Medium
- November 14, 2025
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
Chrome DevTools sandbox escape via crafted HTML (pre-126.0.6478.182)
CVE-2024-7017
7.5 - High
- November 14, 2025
Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Race Condition
Chrome Fullscreen UI Spoofing via Remote Crafted Page (v<=128.0.6613.84)
CVE-2024-13178
4.3 - Medium
- November 14, 2025
Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
Google Chrome Android <134.0.6998.35: UI Spoofing via WebApp Installs
CVE-2025-13102
4.3 - Medium
- November 14, 2025
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Use-after-free in Chrome iOS Internals before 127.0.6533.88 via UI gestures
CVE-2024-9126
7.5 - High
- November 14, 2025
Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)
Dangling pointer
OOB Mem Access in Dawn (Chrome Mac < 130.0.6723.92)
CVE-2024-11920
4.3 - Medium
- November 14, 2025
Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Chrome (<129.0.6668.58) Intents UI Spoofing (Low)
CVE-2024-11919
4.3 - Medium
- November 14, 2025
Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Out-of-bounds read in V8 (Chrome <133.0.6943.141) Heap corruption risk
CVE-2025-9479
4.3 - Medium
- November 14, 2025
Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Out-of-bounds Read
Chrome iOS Lens QR UI Spoof <v136.0.7103.59
CVE-2024-13983
6.3 - Medium
- November 14, 2025
Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)
Open Redirect
Chrome DevTools Sandbox Escape Before 136.0.7103.59 via Crafted HTML
CVE-2025-13097
5.4 - Medium
- November 14, 2025
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
XSS
Heap Corruption via HTML in Chrome V8 before 142.0.7444.166
CVE-2025-13042
8.8 - High
- November 12, 2025
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
UI Spoofing via Omnibox in Google Chrome on Android <142.0.7444.137
CVE-2025-12729
4.2 - Medium
- November 10, 2025
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
Chrome V8 Heap Corruption via Crafted HTML (v<142.0.7444.137)
CVE-2025-12727
8.8 - High
- November 10, 2025
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
UI Spoofing in Omnibox (Chrome Android <142.0.7444.137)
CVE-2025-12728
4.2 - Medium
- November 10, 2025
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
Priv Escalation via Views in Google Chrome 142.0.7444.137
CVE-2025-12726
7.5 - High
- November 10, 2025
Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Improper Privilege Management
Out-of-bounds Read in WebGPU on Chrome Android <142.0.7444.137
CVE-2025-12725
8.8 - High
- November 10, 2025
Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Google Chrome Android 142.0.7444.59: UI Spoofing via crafted HTML
CVE-2025-12447
4.2 - Medium
- November 10, 2025
Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Missing Authentication for Critical Function
Google Chrome SplitView UI Spoofing <142.0.7444.59
CVE-2025-12446
4.2 - Medium
- November 10, 2025
Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Chrome Extensions Policy Bypass pre-142.0.7444.59
CVE-2025-12445
6.5 - Medium
- November 10, 2025
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Authentication Bypass Using an Alternate Path or Channel
UI Spoofing via Chrome Fullscreen UI < 142.0.7444.59
CVE-2025-12444
4.2 - Medium
- November 10, 2025
Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Missing Authentication for Critical Function
Out of Bounds Read in Chrome WebXR Before 142.0.7444.59
CVE-2025-12443
4.3 - Medium
- November 10, 2025
Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Out-of-bounds Read
Chrome < 142.0.7444.59: Autofill memory leak via crafted HTML (CVE-2025-12440)
CVE-2025-12440
5.3 - Medium
- November 10, 2025
Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Classic Buffer Overflow