CVE Daily
← All tags

Tag: Google Chrome

All CVEs associated with "Google Chrome". Page 15/40 • 4704 CVEs.

Subscribe CVEs: RSS for “Google Chrome”  ·  RSS (High+Critical only)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-07-26
Medium

CVE-2022-1498

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 4.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2022-1497

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2022-1496

Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1495

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.

CVSS: 4.3 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2022-1494

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2022-1493

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2022-1491

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1490

Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1489

Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-1488

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafte…

CVSS: 4.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2022-1487

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1486

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2022-1485

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1484

Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-1483

Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-1482

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-1481

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption v…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1479

Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1478

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1477

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1364

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2022-07-25
High

CVE-2022-1314

Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-1312

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrom…

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1311

Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1310

Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-1309

Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2022-1308

Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1307

Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2022-1306

Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2022-1305

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1232

Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2022-07-23
Medium

CVE-2022-1146

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-203 - Observable Discrepancy View on NVD
High

CVE-2022-1145

Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1144

Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specif…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1143

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-1142

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-1141

Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1139

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-203 - Observable Discrepancy View on NVD
Medium

CVE-2022-1138

Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar)…

CVSS: 6.5 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
Medium

CVE-2022-1137

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information…

CVSS: 6.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2022-1136

Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set o…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1135

Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1134

Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2022-1133

Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-1132

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

CVSS: 6.1 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2022-1131

Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1130

Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

CVSS: 8.1 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2022-1129

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruptio…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1125

Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-1096

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2022-07-22
High

CVE-2022-0980

Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific use…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0979

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap cor…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0978

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2022-07-21
Critical

CVE-2022-0977

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corr…

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0976

Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0975

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0974

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap cor…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-0973

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0972

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0971

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafte…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2022-04-12
Medium

CVE-2022-28795

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger t…

CVSS: 6.5 CWE: N/A View on NVD
2022-04-05
High

CVE-2022-0809

Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0808

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit h…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0807

Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-0806

Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-0805

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0804

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-0803

Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-0802

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-0800

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0799

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.

CVSS: 8.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-0798

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chr…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0797

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0796

Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0795

Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2022-0794

Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a cr…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0793

Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0792

Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-0791

Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-0790

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a cr…

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0789

Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0470

Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0469

Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HT…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0468

Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0467

Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2022-0466

Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox e…

CVSS: 9.6 CWE: N/A View on NVD
High

CVE-2022-0465

Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0464

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0463

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0462

Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-0461

Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-0460

Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0459

Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0458

Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0457

Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2022-0456

Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0455

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 6.5 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
High

CVE-2022-0454

Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0453

Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-0452

Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0610

Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0609

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0608

Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2022-0607

Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0606

Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0605

Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interac…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0604

Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potenti…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0603

Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2022-03-10
Medium

CVE-2022-0815

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details…

CVSS: 6.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
2022-03-09
Medium

CVE-2022-24522

Skype Extension for Chrome Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
2022-02-12
High

CVE-2022-0311

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruptio…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0310

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-0309

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2022-0308

Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap c…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0307

Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruptio…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0306

Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD