Google Chrome Web browser
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Google Chrome.
Recent Google Chrome Security Advisories
Known Exploited Google Chrome Vulnerabilities
The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Google Chrome Skia Integer Overflow Vulnerability |
Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 Exploit Probability: 0.9% |
April 21, 2023 |
Google Chrome Use-After-Free Vulnerability |
Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 Exploit Probability: 26.0% |
March 30, 2023 |
Google Chrome Heap Buffer Overflow Vulnerability |
Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 Exploit Probability: 15.1% |
November 28, 2022 |
Google Chrome Intents Insufficient Input Validation Vulnerability |
Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 Exploit Probability: 11.4% |
August 18, 2022 |
Google Chrome Use-After-Free Vulnerability |
Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 Exploit Probability: 96.9% |
May 23, 2022 |
Google Chrome Use-After-Free Vulnerability |
Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 Exploit Probability: 96.9% |
May 23, 2022 |
Google Chrome Use-After-Free Vulnerability |
The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. CVE-2022-0609 Exploit Probability: 2.7% |
February 15, 2022 |
Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability |
Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. CVE-2020-6572 Exploit Probability: 0.5% |
January 10, 2022 |
Google Chrome Browser V8 Arbitrary Code Execution |
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 Exploit Probability: 0.4% |
November 3, 2021 |
Google Chrome FreeType Memory Corruption |
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 Exploit Probability: 7.9% |
November 3, 2021 |
Google Chrome WebGL Use-After-Free Vulnerability |
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 Exploit Probability: 1.2% |
November 3, 2021 |
Google Chrome Use-After-Free Vulnerability |
Google Chrome use-after-free error within the V8 browser engine. CVE-2021-37975 Exploit Probability: 7.6% |
November 3, 2021 |
Google Chrome Use-After-Free Vulnerability |
Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. CVE-2021-37973 Exploit Probability: 0.4% |
November 3, 2021 |
Google Chrome Use-After-Free Vulnerability |
Google Chrome Use-After-Free vulnerability CVE-2021-30633 Exploit Probability: 0.7% |
November 3, 2021 |
Google Chrome Out-of-bounds write |
Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. CVE-2021-30632 Exploit Probability: 61.6% |
November 3, 2021 |
Google Chrome Information Leakage |
Information disclosure in Google Chrome that exists due to excessive data output in core. CVE-2021-37976 Exploit Probability: 8.2% |
November 3, 2021 |
Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability |
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 Exploit Probability: 0.3% |
November 3, 2021 |
Google Chrome Heap Buffer Overflow in WebAudio Vulnerability |
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 Exploit Probability: 2.1% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 4 known exploited Google Chrome vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2025 there have been 14 vulnerabilities in Google Chrome. Last year, in 2024 Chrome had 266 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Chrome in 2025 could surpass last years number.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 14 | 0.00 |
2024 | 266 | 7.73 |
2023 | 258 | 7.54 |
2022 | 297 | 8.03 |
2021 | 330 | 8.00 |
2020 | 227 | 7.62 |
2019 | 304 | 7.07 |
2018 | 114 | 7.08 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83
CVE-2025-0442
- January 15, 2025
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83
CVE-2025-0447
- January 15, 2025
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83
CVE-2025-0448
- January 15, 2025
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83
CVE-2025-0446
- January 15, 2025
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83
CVE-2025-0443
- January 15, 2025
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83
CVE-2025-0441
- January 15, 2025
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83
CVE-2025-0440
- January 15, 2025
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Race in Frames in Google Chrome prior to 132.0.6834.83
CVE-2025-0439
- January 15, 2025
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Race Condition
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83
CVE-2025-0438
- January 15, 2025
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
Stack Overflow
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83
CVE-2025-0437
- January 15, 2025
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83
CVE-2025-0436
- January 15, 2025
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Assumed-Immutable Parameter Tampering
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83
CVE-2025-0435
- January 15, 2025
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83
CVE-2025-0434
- January 15, 2025
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264
CVE-2025-0291
- January 08, 2025
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Google Chrome V8 Engine Type Confusion Vulnerability
CVE-2024-12692
- December 18, 2024
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google Chrome V8 Engine Out-of-Bounds Memory Access Vulnerability
CVE-2024-12693
- December 18, 2024
Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Google Chrome Compositing Use After Free Vulnerability
CVE-2024-12694
- December 18, 2024
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google Chrome V8 Engine Out-of-Bounds Write Vulnerability
CVE-2024-12695
- December 18, 2024
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139
CVE-2024-12381
8.8 - High
- December 12, 2024
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Translate in Google Chrome prior to 131.0.6778.139
CVE-2024-12382
8.8 - High
- December 12, 2024
Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Documenso User Interface Misrepresentation of Critical Information Vulnerability
CVE-2024-52271
- December 05, 2024
User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.
DropBox Sign(HelloSign) User Interface Misrepresentation of Critical Information Vulnerability
CVE-2024-52270
- December 05, 2024
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04.
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal
CVE-2024-52277
- December 04, 2024
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSeal: through 1.8.1, >1.8.1.
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing
CVE-2024-52276
- December 04, 2024
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04.
Google Chrome V8 Engine Type Confusion Vulnerability
CVE-2024-12053
8.8 - High
- December 03, 2024
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Google Chrome Layout Integer Overflow Vulnerability
CVE-2024-7025
8.8 - High
- November 27, 2024
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Integer Overflow or Wraparound
Google Chrome Mojo Insufficient Data Validation Out-of-Bounds Write Vulnerability
CVE-2024-9369
9.6 - Critical
- November 27, 2024
Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Improper Validation of Specified Quantity in Input
Stored XSS Vulnerability in WordPress Plugin 'Dino Game Embed'
CVE-2024-11388
5.4 - Medium
- November 21, 2024
The Dino Game Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Google Chrome V8 Engine Type Confusion Vulnerability
CVE-2024-11395
- November 19, 2024
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Google Chrome Extensions Site Isolation Bypass Vulnerability
CVE-2024-11110
6.5 - Medium
- November 12, 2024
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Google Chrome Autofill UI Spoofing Vulnerability
CVE-2024-11111
4.3 - Medium
- November 12, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Google Chrome Media Component Use After Free Vulnerability
CVE-2024-11112
8.8 - High
- November 12, 2024
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Google Chrome Accessibility Use After Free Vulnerability
CVE-2024-11113
8.8 - High
- November 12, 2024
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Google Chrome Views Component Sandbox Escape Vulnerability
CVE-2024-11114
8.3 - High
- November 12, 2024
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Google Chrome on iOS Navigation Policy Enforcement Vulnerability
CVE-2024-11115
8.8 - High
- November 12, 2024
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
Google Chrome Blink UI Spoofing Vulnerability
CVE-2024-11116
4.3 - Medium
- November 12, 2024
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Google Chrome FileSystem Inappropriate Implementation Vulnerability
CVE-2024-11117
4.3 - Medium
- November 12, 2024
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
Google Chrome 130 Use After Free in Family Experiences
CVE-2024-10826
8.8 - High
- November 06, 2024
Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Google Chrome 130 Serial Use-After-Free
CVE-2024-10827
8.8 - High
- November 06, 2024
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92
CVE-2024-10487
8.8 - High
- October 29, 2024
Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Memory Corruption
Use after free in WebRTC in Google Chrome prior to 130.0.6723.92
CVE-2024-10488
8.8 - High
- October 29, 2024
Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69
CVE-2024-10229
8.1 - High
- October 22, 2024
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69
CVE-2024-10230
8.8 - High
- October 22, 2024
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69
CVE-2024-10231
8.8 - High
- October 22, 2024
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in AI in Google Chrome prior to 130.0.6723.58
CVE-2024-9954
8.8 - High
- October 15, 2024
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58
CVE-2024-9955
8.8 - High
- October 15, 2024
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58
CVE-2024-9956
7.8 - High
- October 15, 2024
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58
CVE-2024-9957
8.8 - High
- October 15, 2024
Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58
CVE-2024-9958
4.3 - Medium
- October 15, 2024
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Use after free in DevTools in Google Chrome prior to 130.0.6723.58
CVE-2024-9959
8.8 - High
- October 15, 2024
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Dangling pointer
Use after free in Dawn in Google Chrome prior to 130.0.6723.58
CVE-2024-9960
7.5 - High
- October 15, 2024
Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58
CVE-2024-9961
8.8 - High
- October 15, 2024
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58
CVE-2024-9962
4.3 - Medium
- October 15, 2024
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58
CVE-2024-9963
4.3 - Medium
- October 15, 2024
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58
CVE-2024-9964
4.3 - Medium
- October 15, 2024
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58
CVE-2024-9965
8.8 - High
- October 15, 2024
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58
CVE-2024-9966
5.3 - Medium
- October 15, 2024
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126
CVE-2024-9859
8.8 - High
- October 11, 2024
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100
CVE-2024-9602
8.8 - High
- October 08, 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100
CVE-2024-9603
8.8 - High
- October 08, 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70
CVE-2024-9120
8.8 - High
- September 25, 2024
Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70
CVE-2024-9121
8.8 - High
- September 25, 2024
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70
CVE-2024-9122
8.8 - High
- September 25, 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70
CVE-2024-9123
8.8 - High
- September 25, 2024
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Integer Overflow or Wraparound
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0
CVE-2024-7023
8.8 - High
- September 23, 2024
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54
CVE-2024-7024
9.6 - Critical
- September 23, 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Memory Corruption
Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75
CVE-2018-20072
7.8 - High
- September 23, 2024
Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
Use after free in Extensions in Google Chrome prior to 92.0.4515.107
CVE-2021-38023
8.8 - High
- September 23, 2024
Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105
CVE-2023-7281
4.3 - Medium
- September 23, 2024
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63
CVE-2023-7282
4.3 - Medium
- September 23, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78
CVE-2024-7018
7.8 - High
- September 23, 2024
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Memory Corruption
Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60
CVE-2024-7019
4.3 - Medium
- September 23, 2024
Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60
CVE-2024-7020
4.3 - Medium
- September 23, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58
CVE-2024-7022
4.3 - Medium
- September 23, 2024
Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Use of Uninitialized Resource
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58
CVE-2024-8904
8.8 - High
- September 17, 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58
CVE-2024-8905
8.8 - High
- September 17, 2024
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
Memory Corruption
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58
CVE-2024-8906
4.3 - Medium
- September 17, 2024
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58
CVE-2024-8907
6.1 - Medium
- September 17, 2024
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)
XSS
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58
CVE-2024-8908
4.3 - Medium
- September 17, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58
CVE-2024-8909
4.3 - Medium
- September 17, 2024
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137
CVE-2024-8636
8.8 - High
- September 11, 2024
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137
CVE-2024-8637
8.8 - High
- September 11, 2024
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137
CVE-2024-8638
8.8 - High
- September 11, 2024
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137
CVE-2024-8639
8.8 - High
- September 11, 2024
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119
CVE-2024-7970
8.8 - High
- September 03, 2024
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119
CVE-2024-8362
8.8 - High
- September 03, 2024
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113
CVE-2024-8198
8.8 - High
- August 28, 2024
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113
CVE-2024-8194
8.8 - High
- August 28, 2024
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113
CVE-2024-8193
8.8 - High
- August 28, 2024
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84
CVE-2024-7977
7.8 - High
- August 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84
CVE-2024-8035
4.3 - Medium
- August 21, 2024
Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84
CVE-2024-8034
4.3 - Medium
- August 21, 2024
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84
CVE-2024-8033
4.3 - Medium
- August 21, 2024
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84
CVE-2024-7981
4.3 - Medium
- August 21, 2024
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84
CVE-2024-7980
7.8 - High
- August 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
Insufficient Verification of Data Authenticity
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84
CVE-2024-7979
7.8 - High
- August 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
Insufficient Verification of Data Authenticity
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84
CVE-2024-7978
4.3 - Medium
- August 21, 2024
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84
CVE-2024-7976
4.3 - Medium
- August 21, 2024
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84
CVE-2024-7975
4.3 - Medium
- August 21, 2024
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84
CVE-2024-7974
8.8 - High
- August 21, 2024
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Google Chrome or by Google? Click the Watch button to subscribe.
![subscribe](/images/undraw_subscriber_vabu.png)