Chrome Google Chrome Web browser

  1. Vendors
  2. Google
  3. Chrome
Do you want an email whenever new security vulnerabilities are reported in Google Chrome?

Recent Google Chrome Security Advisories

Advisory Title Published
Chrome Releases: Stable Channel Update for Desktop November 15, 2023
Chrome Releases: Stable Channel Update for Desktop November 1, 2023
Chrome Releases: Stable Channel Update for Desktop October 25, 2023
Chrome Releases: Stable Channel Update for Desktop October 11, 2023
Chrome Releases: Stable Channel Update for Desktop October 5, 2023
Chrome Releases: Stable Channel Update for Desktop September 28, 2023
Chrome Releases: Stable Channel Update for Desktop September 12, 2023
Chrome Releases: Stable Channel Update for Desktop September 5, 2023
Chrome Releases: Stable Channel Update for Desktop August 29, 2023
Chrome Releases: Stable Channel Update for Desktop August 23, 2023

Known Exploited Google Chrome Vulnerabilities

The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Chrome Skia Integer Overflow Vulnerability Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 April 21, 2023
Google Chrome Use-After-Free Vulnerability Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 March 30, 2023
Google Chrome Heap Buffer Overflow Vulnerability Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 November 28, 2022
Google Chrome Intents Insufficient Input Validation Vulnerability Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 August 18, 2022
Google Chrome Use-After-Free Vulnerability Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 May 23, 2022
Google Chrome Use-After-Free Vulnerability Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 May 23, 2022
Google Chrome Use-After-Free Vulnerability The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. CVE-2022-0609 February 15, 2022
Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. CVE-2020-6572 January 10, 2022
Google Chrome Browser V8 Arbitrary Code Execution Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 November 3, 2021
Google Chrome FreeType Memory Corruption Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 November 3, 2021
Google Chrome WebGL Use-After-Free Vulnerability Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 November 3, 2021
Google Chrome Use-After-Free Vulnerability Google Chrome use-after-free error within the V8 browser engine. CVE-2021-37975 November 3, 2021
Google Chrome Use-After-Free Vulnerability Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. CVE-2021-37973 November 3, 2021
Google Chrome Use-After-Free Vulnerability Google Chrome Use-After-Free vulnerability CVE-2021-30633 November 3, 2021
Google Chrome Out-of-bounds write Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. CVE-2021-30632 November 3, 2021
Google Chrome Information Leakage Information disclosure in Google Chrome that exists due to excessive data output in core. CVE-2021-37976 November 3, 2021
Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 November 3, 2021
Google Chrome Heap Buffer Overflow in WebAudio Vulnerability Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 November 3, 2021

By the Year

In 2023 there have been 233 vulnerabilities in Google Chrome with an average score of 7.5 out of ten. Last year Chrome had 295 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.57

Year Vulnerabilities Average Score
2023 233 7.48
2022 295 8.05
2021 329 8.00
2020 227 7.62
2019 303 7.07
2018 114 7.08

It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Chrome Security Vulnerabilities

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199

CVE-2023-6345 9.6 - Critical - November 29, 2023

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Integer Overflow or Wraparound

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199

CVE-2023-6346 8.8 - High - November 29, 2023

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo in Google Chrome prior to 119.0.6045.199

CVE-2023-6347 8.8 - High - November 29, 2023

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in libavif in Google Chrome prior to 119.0.6045.199

CVE-2023-6350 8.8 - High - November 29, 2023

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

Dangling pointer

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159

CVE-2023-5997 8.8 - High - November 15, 2023

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Navigation in Google Chrome prior to 119.0.6045.159

CVE-2023-6112 8.8 - High - November 15, 2023

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123

CVE-2023-5996 8.8 - High - November 08, 2023

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105

CVE-2023-5480 6.1 - Medium - November 01, 2023

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)

XSS

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105

CVE-2023-5482 8.8 - High - November 01, 2023

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Insufficient Verification of Data Authenticity

Integer overflow in USB in Google Chrome prior to 119.0.6045.105

CVE-2023-5849 8.8 - High - November 01, 2023

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Integer Overflow or Wraparound

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5850 4.3 - Medium - November 01, 2023

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5851 4.3 - Medium - November 01, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Origin Validation Error

Use after free in Printing in Google Chrome prior to 119.0.6045.105

CVE-2023-5852 8.8 - High - November 01, 2023

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Dangling pointer

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5853 4.3 - Medium - November 01, 2023

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Origin Validation Error

Use after free in Profiles in Google Chrome prior to 119.0.6045.105

CVE-2023-5854 8.8 - High - November 01, 2023

Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Dangling pointer

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105

CVE-2023-5855 8.8 - High - November 01, 2023

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Dangling pointer

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105

CVE-2023-5856 8.8 - High - November 01, 2023

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5857 8.8 - High - November 01, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105

CVE-2023-5858 4.3 - Medium - November 01, 2023

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Origin Validation Error

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105

CVE-2023-5859 4.3 - Medium - November 01, 2023

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)

Origin Validation Error

Use after free in Profiles in Google Chrome prior to 118.0.5993.117

CVE-2023-5472 8.8 - High - October 25, 2023

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70

CVE-2023-5218 8.8 - High - October 11, 2023

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Dangling pointer

Use after free in Cast in Google Chrome prior to 118.0.5993.70

CVE-2023-5473 6.3 - Medium - October 11, 2023

Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Dangling pointer

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70

CVE-2023-5474 8.8 - High - October 11, 2023

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Memory Corruption

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70

CVE-2023-5475 6.5 - Medium - October 11, 2023

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

Use after free in Blink History in Google Chrome prior to 118.0.5993.70

CVE-2023-5476 8.8 - High - October 11, 2023

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70

CVE-2023-5477 4.3 - Medium - October 11, 2023

Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70

CVE-2023-5478 4.3 - Medium - October 11, 2023

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70

CVE-2023-5479 6.5 - Medium - October 11, 2023

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70

CVE-2023-5481 6.5 - Medium - October 11, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70

CVE-2023-5483 6.5 - Medium - October 11, 2023

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70

CVE-2023-5484 6.5 - Medium - October 11, 2023

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70

CVE-2023-5485 4.3 - Medium - October 11, 2023

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70

CVE-2023-5486 4.3 - Medium - October 11, 2023

Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70

CVE-2023-5487 6.5 - Medium - October 11, 2023

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Type confusion in V8 in Google Chrome prior to 117.0.5938.149

CVE-2023-5346 8.8 - High - October 05, 2023

Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Passwords in Google Chrome prior to 117.0.5938.132

CVE-2023-5186 8.8 - High - September 28, 2023

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

Dangling pointer

Use after free in Extensions in Google Chrome prior to 117.0.5938.132

CVE-2023-5187 8.8 - High - September 28, 2023

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62

CVE-2023-4901 4.3 - Medium - September 12, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62

CVE-2023-4902 4.3 - Medium - September 12, 2023

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62

CVE-2023-4904 4.3 - Medium - September 12, 2023

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62

CVE-2023-4905 4.3 - Medium - September 12, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62

CVE-2023-4906 4.3 - Medium - September 12, 2023

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62

CVE-2023-4908 4.3 - Medium - September 12, 2023

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62

CVE-2023-4909 4.3 - Medium - September 12, 2023

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2

CVE-2023-4863 8.8 - High - September 12, 2023

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Memory Corruption

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page

CVE-2023-4762 8.8 - High - September 05, 2023

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Networks in Google Chrome prior to 116.0.5845.179

CVE-2023-4763 8.8 - High - September 05, 2023

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179

CVE-2023-4764 6.5 - Medium - September 05, 2023

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179

CVE-2023-4761 8.1 - High - September 05, 2023

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Out-of-bounds Read

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140

CVE-2023-4572 8.8 - High - August 29, 2023

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62

CVE-2022-4452 8.8 - High - August 25, 2023

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110

CVE-2023-4427 8.1 - High - August 23, 2023

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Out-of-bounds Read

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110

CVE-2023-4428 8.1 - High - August 23, 2023

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Out-of-bounds Read

Use after free in Loader in Google Chrome prior to 116.0.5845.110

CVE-2023-4429 8.8 - High - August 23, 2023

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110

CVE-2023-4430 8.8 - High - August 23, 2023

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110

CVE-2023-4431 8.1 - High - August 23, 2023

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Out-of-bounds Read

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96

CVE-2023-4357 8.8 - High - August 15, 2023

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Use after free in DNS in Google Chrome prior to 116.0.5845.96

CVE-2023-4358 8.8 - High - August 15, 2023

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96

CVE-2023-4360 4.3 - Medium - August 15, 2023

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Extensions in Google Chrome prior to 116.0.5845.96

CVE-2023-4366 8.8 - High - August 15, 2023

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96

CVE-2023-4367 6.5 - Medium - August 15, 2023

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96

CVE-2023-4362 8.8 - High - August 15, 2023

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96

CVE-2023-4364 4.3 - Medium - August 15, 2023

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96

CVE-2023-4365 4.3 - Medium - August 15, 2023

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96

CVE-2023-4368 8.8 - High - August 15, 2023

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Network in Google Chrome prior to 116.0.5845.96

CVE-2023-4351 8.8 - High - August 15, 2023

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 116.0.5845.96

CVE-2023-4352 8.8 - High - August 15, 2023

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96

CVE-2023-4353 8.8 - High - August 15, 2023

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96

CVE-2023-4354 8.8 - High - August 15, 2023

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96

CVE-2023-4355 8.8 - High - August 15, 2023

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Audio in Google Chrome prior to 116.0.5845.96

CVE-2023-4356 8.8 - High - August 15, 2023

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96

CVE-2023-4349 8.8 - High - August 15, 2023

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71

CVE-2022-4955 6.5 - Medium - August 04, 2023

Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170

CVE-2023-4077 8.8 - High - August 03, 2023

Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170

CVE-2023-4078 8.8 - High - August 03, 2023

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Use after free in WebRTC in Google Chrome prior to 115.0.5790.170

CVE-2023-4076 8.8 - High - August 03, 2023

Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)

Dangling pointer

Use after free in Cast in Google Chrome prior to 115.0.5790.170

CVE-2023-4075 8.8 - High - August 03, 2023

Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170

CVE-2023-4074 8.8 - High - August 03, 2023

Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170

CVE-2023-4072 8.8 - High - August 03, 2023

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Out-of-bounds Read

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170

CVE-2023-4070 8.1 - High - August 03, 2023

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170

CVE-2023-4069 8.8 - High - August 03, 2023

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170

CVE-2023-4068 8.1 - High - August 03, 2023

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170

CVE-2023-4071 8.8 - High - August 03, 2023

Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98

CVE-2023-3737 4.3 - Medium - August 01, 2023

Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98

CVE-2023-3735 4.3 - Medium - August 01, 2023

Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98

CVE-2023-3734 4.3 - Medium - August 01, 2023

Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98

CVE-2023-3733 4.3 - Medium - August 01, 2023

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98

CVE-2023-3732 8.8 - High - August 01, 2023

Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98

CVE-2023-3728 8.8 - High - August 01, 2023

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98

CVE-2023-3727 8.8 - High - August 01, 2023

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98

CVE-2023-3738 4.3 - Medium - August 01, 2023

Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98

CVE-2023-3740 4.3 - Medium - August 01, 2023

Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)

Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98

CVE-2023-3730 8.8 - High - August 01, 2023

Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Blink in Google Chrome prior to 92.0.4515.107

CVE-2021-4320 8.8 - High - July 29, 2023

Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64

CVE-2023-2314 6.5 - Medium - July 29, 2023

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Insufficient Verification of Data Authenticity

Use after free in Blink in Google Chrome prior to 93.0.4577.82

CVE-2021-4319 8.8 - High - July 29, 2023

Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Object corruption in Blink in Google Chrome prior to 94.0.4606.54

CVE-2021-4318 8.8 - High - July 29, 2023

Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in ANGLE in Google Chrome prior to 96.0.4664.93

CVE-2021-4317 8.8 - High - July 29, 2023

Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45

CVE-2021-4316 4.3 - Medium - July 29, 2023

Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Google Chrome or by Google? Click the Watch button to subscribe.

Google
Vendor

Google Chrome
Web browser

subscribe