CVE Daily
← All tags

Tag: Google Chrome

All CVEs associated with "Google Chrome". Page 14/40 • 4704 CVEs.

Subscribe CVEs: RSS for “Google Chrome”  ·  RSS (High+Critical only)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-09-26
High

CVE-2022-3195

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-3075

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…

CVSS: 9.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-3071

Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit he…

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-3058

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-3057

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2022-3056

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVSS: 6.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2022-3055

Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a c…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-3054

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-3053

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2022-3052

Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-3051

Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially expl…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-3050

Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap cor…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-3049

Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit…

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-3048

Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to…

CVSS: 6.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2022-3047

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a cr…

CVSS: 6.5 CWE: CWE-602 - Client-Side Enforcement of Server-Side Security View on NVD
High

CVE-2022-3046

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HT…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-3045

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-3044

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML p…

CVSS: 6.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2022-3043

Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-3042

Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-3041

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-3040

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-3039

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-3038

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2998

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corru…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebU…

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2022-2860

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-2859

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2858

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2857

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-2856

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML pag…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-2855

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2854

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-2853

Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a c…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-2852

Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2022-09-02
High

CVE-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthor…

CVSS: 8.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-08-12
High

CVE-2022-2624

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-2623

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corrupt…

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-2622

Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-2621

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI i…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2620

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corrupt…

CVSS: 8.8 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2022-2619

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into…

CVSS: 4.3 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
Medium

CVE-2022-2618

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-2617

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific…

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-2615

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-565 - Reliance on Cookies without Validation and Integrity Checking View on NVD
High

CVE-2022-2614

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2613

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corrupti…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-2612

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informati…

CVSS: 6.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2022-2611

Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2022-2609

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap…

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-2608

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap…

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-2607

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap cor…

CVSS: 8.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-2606

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corrupt…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-2605

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-2604

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2603

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-08-05
Low

CVE-2022-33720

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.

CVSS: 2.4 CWE: CWE-284 - Improper Access Control View on NVD
2022-07-28
High

CVE-2022-2399

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2481

Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI i…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2480

Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-2479

Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensit…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-2478

Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2477

Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HT…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2296

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit h…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2295

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-2163

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2415

Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-2165

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-2164

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control…

CVSS: 6.3 CWE: N/A View on NVD
High

CVE-2022-2162

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-2161

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corrupti…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-2160

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitiv…

CVSS: 6.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2157

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2156

Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-2011

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-2010

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…

CVSS: 9.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-2008

Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2022-2007

Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1919

Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2022-07-27
High

CVE-2022-1876

Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-1875

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 4.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2022-1874

Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2022-1873

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2022-1872

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a cr…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-1871

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2022-1870

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Ch…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1869

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2022-1868

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-1867

Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-1866

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap c…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1865

Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chro…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1864

Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafte…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1863

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chr…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1862

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a craft…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-1861

Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corrup…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1860

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1859

Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corrupt…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1858

Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-1857

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-1856

Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1855

Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1854

Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-1853

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
2022-07-26
High

CVE-2022-1641

Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit h…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1640

Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a cra…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1639

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1638

Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-1637

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 4.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2022-1636

Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1635

Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruptio…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1634

Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1633

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corr…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2022-1500

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-1499

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVSS: 6.3 CWE: CWE-863 - Incorrect Authorization View on NVD