Chrome Google Chrome Web browser

  1. Vendors
  2. Google
  3. Chrome
Do you want an email whenever new security vulnerabilities are reported in Google Chrome?

Recent Google Chrome Security Advisories

Advisory Title Published
Chrome Releases: Stable Channel Update for Desktop September 29, 2022
Chrome Releases: Stable Channel Update for Desktop September 26, 2022
Chrome Releases: Stable Channel Update for Desktop September 26, 2022
Chrome Releases: Stable Channel Update for Desktop September 26, 2022
Chrome Releases: Stable Channel Update for Desktop September 26, 2022
Chrome Releases: Stable Channel Update for Desktop August 12, 2022
Chrome Releases: Stable Channel Update for Desktop July 28, 2022
Chrome Releases: Stable Channel Update for Desktop July 28, 2022
Chrome Releases: Stable Channel Update for Desktop July 28, 2022
Chrome Releases: Stable Channel Update for Desktop July 28, 2022

@googlechrome Tweets

Double points for @McLarenF1! A great showing from @LandoNorris and @DanielRicciardo at the #SingaporeGP today ��️�� https://t.co/ZnzNTn6dQk
Sun Oct 02 15:36:49 +0000 2022

By the Year

In 2022 there have been 230 vulnerabilities in Google Chrome with an average score of 8.0 out of ten. Last year Chrome had 329 security vulnerabilities published. Right now, Chrome is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.04.

Year Vulnerabilities Average Score
2022 230 8.05
2021 329 8.00
2020 227 7.62
2019 303 7.07
2018 114 7.08

It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Chrome Security Vulnerabilities

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75

CVE-2019-5797 7.5 - High - September 29, 2022

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Double-free

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102

CVE-2022-3075 9.6 - Critical - September 26, 2022

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Improper Input Validation

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101

CVE-2022-2858 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.

Dangling pointer

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101

CVE-2022-2859 8.8 - High - September 26, 2022

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.

Dangling pointer

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101

CVE-2022-2860 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101

CVE-2022-2861 6.5 - Medium - September 26, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

AuthZ

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52

CVE-2022-3054 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125

CVE-2022-3195 8.8 - High - September 26, 2022

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Memory Corruption

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101

CVE-2022-2854 8.8 - High - September 26, 2022

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101

CVE-2022-2855 8.8 - High - September 26, 2022

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 104.0.5112.101

CVE-2022-2857 8.8 - High - September 26, 2022

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52

CVE-2022-3044 6.5 - Medium - September 26, 2022

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

AuthZ

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52

CVE-2022-3045 8.8 - High - September 26, 2022

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

AuthZ

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52

CVE-2022-3047 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

AuthZ

Use after free in Passwords in Google Chrome prior to 105.0.5195.52

CVE-2022-3055 8.8 - High - September 26, 2022

Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52

CVE-2022-3056 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52

CVE-2022-3057 6.5 - Medium - September 26, 2022

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

AuthZ

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52

CVE-2022-3058 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.

Dangling pointer

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101

CVE-2022-2998 8.8 - High - September 26, 2022

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Network Service in Google Chrome prior to 105.0.5195.52

CVE-2022-3038 8.8 - High - September 26, 2022

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3039 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Layout in Google Chrome prior to 105.0.5195.52

CVE-2022-3040 8.8 - High - September 26, 2022

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3041 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52

CVE-2022-3046 8.8 - High - September 26, 2022

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79

CVE-2022-2603 8.8 - High - August 12, 2022

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79

CVE-2022-2604 8.8 - High - August 12, 2022

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79

CVE-2022-2605 6.5 - Medium - August 12, 2022

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out-of-bounds Read

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79

CVE-2022-2606 8.8 - High - August 12, 2022

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79

CVE-2022-2608 8.8 - High - August 12, 2022

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Dangling pointer

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79

CVE-2022-2610 6.5 - Medium - August 12, 2022

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79

CVE-2022-2612 6.5 - Medium - August 12, 2022

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

Side Channel Attack

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79

CVE-2022-2614 8.8 - High - August 12, 2022

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79

CVE-2022-2615 6.5 - Medium - August 12, 2022

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Reliance on Cookies without Validation and Integrity Checking

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79

CVE-2022-2616 6.5 - Medium - August 12, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79

CVE-2022-2617 8.8 - High - August 12, 2022

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

Dangling pointer

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79

CVE-2022-2618 6.5 - Medium - August 12, 2022

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .

Improper Input Validation

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79

CVE-2022-2619 4.3 - Medium - August 12, 2022

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.

Improper Input Validation

Use after free in Extensions in Google Chrome prior to 104.0.5112.79

CVE-2022-2621 8.8 - High - August 12, 2022

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

Dangling pointer

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79

CVE-2022-2624 8.8 - High - August 12, 2022

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.

Memory Corruption

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88

CVE-2022-2399 8.8 - High - July 28, 2022

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134

CVE-2022-2163 8.8 - High - July 28, 2022

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

Dangling pointer

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114

CVE-2022-2294 8.8 - High - July 28, 2022

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 103.0.5060.114

CVE-2022-2295 8.8 - High - July 28, 2022

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Guest View in Google Chrome prior to 103.0.5060.134

CVE-2022-2477 8.8 - High - July 28, 2022

Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Views in Google Chrome prior to 103.0.5060.134

CVE-2022-2481 8.8 - High - July 28, 2022

Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.

Dangling pointer

Use after free in PDF in Google Chrome prior to 103.0.5060.134

CVE-2022-2478 8.8 - High - July 28, 2022

Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134

CVE-2022-2480 8.8 - High - July 28, 2022

Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53

CVE-2022-2161 8.8 - High - July 28, 2022

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Dangling pointer

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53

CVE-2022-2164 6.3 - Medium - July 28, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.

Use after free in Codecs in Google Chrome prior to 101.0.4951.41

CVE-2022-1919 8.8 - High - July 28, 2022

Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebGPU in Google Chrome prior to 102.0.5005.115

CVE-2022-2007 8.8 - High - July 28, 2022

Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Double free in WebGL in Google Chrome prior to 102.0.5005.115

CVE-2022-2008 8.8 - High - July 28, 2022

Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Double-free

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115

CVE-2022-2010 9.3 - Critical - July 28, 2022

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Out-of-bounds Read

Type confusion in V8 in Google Chrome prior to 103.0.5060.53

CVE-2022-2158 8.8 - High - July 28, 2022

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115

CVE-2022-2011 8.8 - High - July 28, 2022

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Core in Google Chrome prior to 103.0.5060.53

CVE-2022-2156 8.8 - High - July 28, 2022

Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53

CVE-2022-2157 8.8 - High - July 28, 2022

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53

CVE-2022-2165 4.3 - Medium - July 28, 2022

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53

CVE-2022-2415 8.8 - High - July 28, 2022

Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61

CVE-2022-1871 4.3 - Medium - July 27, 2022

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61

CVE-2022-1872 4.3 - Medium - July 27, 2022

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61

CVE-2022-1873 6.5 - Medium - July 27, 2022

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61

CVE-2022-1875 4.3 - Medium - July 27, 2022

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61

CVE-2022-1876 8.8 - High - July 27, 2022

Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61

CVE-2022-1853 9.6 - Critical - July 27, 2022

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Messaging in Google Chrome prior to 102.0.5005.61

CVE-2022-1855 8.8 - High - July 27, 2022

Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in User Education in Google Chrome prior to 102.0.5005.61

CVE-2022-1856 8.8 - High - July 27, 2022

Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61

CVE-2022-1857 8.8 - High - July 27, 2022

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.

Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61

CVE-2022-1858 6.5 - Medium - July 27, 2022

Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.

Out-of-bounds Read

Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61

CVE-2022-1859 8.8 - High - July 27, 2022

Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61

CVE-2022-1860 8.8 - High - July 27, 2022

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.

Dangling pointer

Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61

CVE-2022-1861 8.8 - High - July 27, 2022

Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.

Dangling pointer

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61

CVE-2022-1862 6.5 - Medium - July 27, 2022

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61

CVE-2022-1866 8.8 - High - July 27, 2022

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.

Dangling pointer

Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61

CVE-2022-1867 6.5 - Medium - July 27, 2022

Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.

Improper Input Validation

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61

CVE-2022-1868 6.5 - Medium - July 27, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.

Use after free in ANGLE in Google Chrome prior to 102.0.5005.61

CVE-2022-1854 8.8 - High - July 27, 2022

Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61

CVE-2022-1863 8.8 - High - July 27, 2022

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

Dangling pointer

Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61

CVE-2022-1864 8.8 - High - July 27, 2022

Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

Dangling pointer

Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61

CVE-2022-1865 8.8 - High - July 27, 2022

Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

Dangling pointer

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61

CVE-2022-1869 6.5 - Medium - July 27, 2022

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in App Service in Google Chrome prior to 102.0.5005.61

CVE-2022-1870 8.8 - High - July 27, 2022

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Dangling pointer

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41

CVE-2022-1501 6.5 - Medium - July 26, 2022

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Use after free in Sharing in Google Chrome prior to 101.0.4951.64

CVE-2022-1640 8.8 - High - July 26, 2022

Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64

CVE-2022-1639 8.8 - High - July 26, 2022

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64

CVE-2022-1638 8.8 - High - July 26, 2022

Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41

CVE-2022-1494 6.1 - Medium - July 26, 2022

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.

XSS

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41

CVE-2022-1493 8.8 - High - July 26, 2022

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Dangling pointer

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41

CVE-2022-1492 6.1 - Medium - July 26, 2022

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

XSS

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41

CVE-2022-1491 8.8 - High - July 26, 2022

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Dangling pointer

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41

CVE-2022-1499 6.3 - Medium - July 26, 2022

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

AuthZ

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41

CVE-2022-1498 4.3 - Medium - July 26, 2022

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41

CVE-2022-1497 6.5 - Medium - July 26, 2022

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

Origin Validation Error

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41

CVE-2022-1500 6.5 - Medium - July 26, 2022

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Improper Input Validation

Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41

CVE-2022-1490 8.8 - High - July 26, 2022

Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in File System API in Google Chrome prior to 101.0.4951.41

CVE-2022-1485 7.5 - High - July 26, 2022

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41

CVE-2022-1478 8.8 - High - July 26, 2022

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41

CVE-2022-1477 8.8 - High - July 26, 2022

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Type confusion in V8 in Google Chrome prior to 101.0.4951.41

CVE-2022-1486 8.8 - High - July 26, 2022

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Object Type Confusion

Use after free in Ozone in Google Chrome prior to 101.0.4951.41

CVE-2022-1487 7.5 - High - July 26, 2022

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Google Chrome or by Google? Click the Watch button to subscribe.

Google
Vendor

Google Chrome
Web browser

subscribe