Google Chrome Web browser
Recent Google Chrome Security Advisories
@googlechrome Tweets

Tue May 24 16:02:38 +0000 2022
By the Year
In 2022 there have been 91 vulnerabilities in Google Chrome with an average score of 8.2 out of ten. Last year Chrome had 329 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.15.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 91 | 8.16 |
2021 | 329 | 8.00 |
2020 | 227 | 7.62 |
2019 | 303 | 7.07 |
2018 | 114 | 7.08 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80
CVE-2022-0466
9.6 - Critical
- April 05, 2022
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80
CVE-2022-0462
6.5 - Medium
- April 05, 2022
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80
CVE-2022-0467
8.8 - High
- April 05, 2022
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Use after free in Cast in Google Chrome prior to 99.0.4844.51
CVE-2022-0793
6.5 - Medium
- April 05, 2022
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.
Dangling pointer
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80
CVE-2022-0461
6.5 - Medium
- April 05, 2022
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.
Exposure of Resource to Wrong Sphere
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51
CVE-2022-0808
8.8 - High
- April 05, 2022
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.
Dangling pointer
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51
CVE-2022-0809
8.8 - High
- April 05, 2022
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Buffer Overflow
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80
CVE-2022-0452
9.6 - Critical
- April 05, 2022
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Type confusion in V8 in Google Chrome prior to 98.0.4758.80
CVE-2022-0457
8.8 - High
- April 05, 2022
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80
CVE-2022-0459
8.8 - High
- April 05, 2022
Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80
CVE-2022-0470
8.8 - High
- April 05, 2022
Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Buffer Overflow
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51
CVE-2022-0790
9.6 - Critical
- April 05, 2022
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51
CVE-2022-0791
8.8 - High
- April 05, 2022
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
Dangling pointer
Use after free in WebShare in Google Chrome prior to 99.0.4844.51
CVE-2022-0794
8.8 - High
- April 05, 2022
Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51
CVE-2022-0795
8.8 - High
- April 05, 2022
Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Use after free in Media in Google Chrome prior to 99.0.4844.51
CVE-2022-0796
8.8 - High
- April 05, 2022
Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51
CVE-2022-0797
8.8 - High
- April 05, 2022
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Buffer Overflow
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51
CVE-2022-0798
8.8 - High
- April 05, 2022
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Dangling pointer
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51
CVE-2022-0799
8.8 - High
- April 05, 2022
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
Improper Privilege Management
Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51
CVE-2022-0800
8.8 - High
- April 05, 2022
Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51
CVE-2022-0803
6.5 - Medium
- April 05, 2022
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
Incorrect Permission Assignment for Critical Resource
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51
CVE-2022-0805
8.8 - High
- April 05, 2022
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Dangling pointer
Data leak in Canvas in Google Chrome prior to 99.0.4844.51
CVE-2022-0806
6.5 - Medium
- April 05, 2022
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
Exposure of Resource to Wrong Sphere
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51
CVE-2022-0807
6.5 - Medium
- April 05, 2022
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80
CVE-2022-0454
8.8 - High
- April 05, 2022
Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80
CVE-2022-0458
8.8 - High
- April 05, 2022
Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80
CVE-2022-0460
8.8 - High
- April 05, 2022
Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80
CVE-2022-0464
8.8 - High
- April 05, 2022
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Dangling pointer
Use after free in Extensions in Google Chrome prior to 98.0.4758.80
CVE-2022-0465
8.8 - High
- April 05, 2022
Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.
Dangling pointer
Use after free in Payments in Google Chrome prior to 98.0.4758.80
CVE-2022-0468
8.8 - High
- April 05, 2022
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51
CVE-2022-0789
8.8 - High
- April 05, 2022
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51
CVE-2022-0792
6.5 - Medium
- April 05, 2022
Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Out-of-bounds Read
Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80
CVE-2022-0453
8.8 - High
- April 05, 2022
Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Web Search in Google Chrome prior to 98.0.4758.80
CVE-2022-0456
8.8 - High
- April 05, 2022
Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.
Dangling pointer
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80
CVE-2022-0463
8.8 - High
- April 05, 2022
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Dangling pointer
Use after free in Cast in Google Chrome prior to 98.0.4758.80
CVE-2022-0469
8.8 - High
- April 05, 2022
Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102
CVE-2022-0605
8.8 - High
- April 05, 2022
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in GPU in Google Chrome prior to 98.0.4758.102
CVE-2022-0607
8.8 - High
- April 05, 2022
Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102
CVE-2022-0610
8.8 - High
- April 05, 2022
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Buffer Overflow
Use after free in ANGLE in Google Chrome prior to 98.0.4758.102
CVE-2022-0606
8.8 - High
- April 05, 2022
Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102
CVE-2022-0604
8.8 - High
- April 05, 2022
Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102
CVE-2022-0608
8.8 - High
- April 05, 2022
Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Integer Overflow or Wraparound
Use after free in Animation in Google Chrome prior to 98.0.4758.102
CVE-2022-0609
8.8 - High
- April 05, 2022
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99
CVE-2022-0295
8.8 - High
- February 12, 2022
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99
CVE-2022-0307
8.8 - High
- February 12, 2022
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99
CVE-2022-0304
8.8 - High
- February 12, 2022
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99
CVE-2022-0302
8.8 - High
- February 12, 2022
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99
CVE-2022-0298
8.8 - High
- February 12, 2022
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99
CVE-2022-0297
8.8 - High
- February 12, 2022
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Printing in Google Chrome prior to 97.0.4692.99
CVE-2022-0296
8.8 - High
- February 12, 2022
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99
CVE-2022-0293
8.8 - High
- February 12, 2022
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99
CVE-2022-0290
9.6 - Critical
- February 12, 2022
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99
CVE-2022-0289
8.8 - High
- February 12, 2022
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99
CVE-2022-0301
7.8 - High
- February 12, 2022
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99
CVE-2022-0294
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99
CVE-2022-0292
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99
CVE-2022-0291
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99
CVE-2022-0311
8.8 - High
- February 12, 2022
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99
CVE-2022-0310
8.8 - High
- February 12, 2022
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
Memory Corruption
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99
CVE-2022-0309
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
AuthZ
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99
CVE-2022-0306
8.8 - High
- February 12, 2022
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99
CVE-2022-0305
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
AuthZ
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71
CVE-2022-0113
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Origin Validation Error
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71
CVE-2022-0114
8.1 - High
- February 12, 2022
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.
Out-of-bounds Read
Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71
CVE-2022-0105
8.8 - High
- February 12, 2022
Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71
CVE-2022-0103
8.8 - High
- February 12, 2022
Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Type confusion in V8 in Google Chrome prior to 97.0.4692.71
CVE-2022-0102
8.8 - High
- February 12, 2022
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Use after free in Storage in Google Chrome prior to 97.0.4692.71
CVE-2022-0096
8.8 - High
- February 12, 2022
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71
CVE-2022-0111
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
Origin Validation Error
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71
CVE-2022-0110
4.3 - Medium
- February 12, 2022
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Improper Input Validation
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71
CVE-2022-0109
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71
CVE-2022-0108
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Origin Validation Error
Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71
CVE-2022-0104
8.8 - High
- February 12, 2022
Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71
CVE-2022-0101
8.8 - High
- February 12, 2022
Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.
Memory Corruption
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71
CVE-2022-0107
8.8 - High
- February 12, 2022
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Autofill in Google Chrome prior to 97.0.4692.71
CVE-2022-0106
8.8 - High
- February 12, 2022
Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71
CVE-2022-0100
8.8 - High
- February 12, 2022
Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71
CVE-2022-0098
8.8 - High
- February 12, 2022
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.
Dangling pointer
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71
CVE-2022-0112
4.3 - Medium
- February 12, 2022
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.
Use after free in Sign-in in Google Chrome prior to 97.0.4692.71
CVE-2022-0099
8.8 - High
- February 12, 2022
Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.
Dangling pointer
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71
CVE-2022-0120
6.5 - Medium
- February 12, 2022
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.
Origin Validation Error
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71
CVE-2022-0118
4.3 - Medium
- February 12, 2022
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71
CVE-2022-0117
6.5 - Medium
- February 12, 2022
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Exposure of Resource to Wrong Sphere
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71
CVE-2022-0116
4.3 - Medium
- February 12, 2022
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71
CVE-2022-0097
9.6 - Critical
- February 12, 2022
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71
CVE-2022-0115
8.8 - High
- February 12, 2022
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Use of Uninitialized Resource
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110
CVE-2021-4098
7.4 - High
- February 11, 2022
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Improper Input Validation
Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110
CVE-2021-4099
8.8 - High
- February 11, 2022
Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110
CVE-2021-4100
8.8 - High
- February 11, 2022
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110
CVE-2021-4101
8.8 - High
- February 11, 2022
Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Use after free in V8 in Google Chrome prior to 96.0.4664.110
CVE-2021-4102
8.8 - High
- February 11, 2022
Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93
CVE-2021-4062
8.8 - High
- December 23, 2021
Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Type confusion in V8 in Google Chrome prior to 96.0.4664.93
CVE-2021-4061
8.8 - High
- December 23, 2021
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93
CVE-2021-4059
6.5 - Medium
- December 23, 2021
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Improper Input Validation
Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93
CVE-2021-4058
8.8 - High
- December 23, 2021
Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93
CVE-2021-4055
8.8 - High
- December 23, 2021
Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Memory Corruption
Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93
CVE-2021-4053
8.8 - High
- December 23, 2021
Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93
CVE-2021-4054
6.5 - Medium
- December 23, 2021
Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Use after free in file API in Google Chrome prior to 96.0.4664.93
CVE-2021-4057
8.8 - High
- December 23, 2021
Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Type confusion in loader in Google Chrome prior to 96.0.4664.93
CVE-2021-4056
8.8 - High
- December 23, 2021
Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Google? Click the Watch button to subscribe.
