CVE Daily
← All tags

Tag: Google Chrome

All CVEs associated with "Google Chrome". Page 16/40 • 4704 CVEs.

Subscribe CVEs: RSS for “Google Chrome”  ·  RSS (High+Critical only)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-02-12
Medium

CVE-2022-0305

Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTM…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-0304

Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0302

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0301

Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially expl…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0298

Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0297

Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0296

Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0295

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0294

Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-0293

Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0292

Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-0291

Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Critical

CVE-2022-0290

Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0289

Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-0120

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2022-0118

Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-0117

Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2022-0116

Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2022-0115

Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

CVSS: 8.8 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2022-0114

Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial por…

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-0113

Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2022-0112

Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-0111

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2022-0110

Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
Medium

CVE-2022-0109

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-0108

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2022-0107

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0106

Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0105

Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0104

Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0103

Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0102

Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2022-0101

Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via spe…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0100

Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-0099

Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific u…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2022-0097

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape t…

CVSS: 9.6 CWE: N/A View on NVD
High

CVE-2022-0096

Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2022-02-11
High

CVE-2021-4102

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4101

Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-4100

Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2021-4099

Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4098

Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H…

CVSS: 7.4 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2021-12-23
High

CVE-2021-4079

Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-4078

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2021-4068

Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
High

CVE-2021-4067

Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4066

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2021-4065

Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4064

Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4063

Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4062

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-4061

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2021-4059

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-4058

Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-4057

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2021-4055

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafte…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2021-4054

Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-4053

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-4052

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2021-38022

Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-38021

Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-38020

Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2021-38019

Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD
Medium

CVE-2021-38018

Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-38017

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2021-38016

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2021-38015

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-38014

Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2021-38013

Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sand…

CVSS: 9.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-38012

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2021-38011

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2021-38010

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML p…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-38009

Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-203 - Observable Discrepancy View on NVD
High

CVE-2021-38008

Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-38007

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2021-38006

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-38005

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2021-12-08
Medium

CVE-2021-43528

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a step…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-11-24
High

CVE-2021-34424

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2021-34423

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2021-11-23
Medium

CVE-2021-38004

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 4.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2021-38003

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Critical

CVE-2021-38002

Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-38001

Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2021-38000

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2021-37998

Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37997

Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2021-11-10
Medium

CVE-2021-41351

Microsoft Edge (Chrome based) Spoofing on IE Mode

CVSS: 4.3 CWE: N/A View on NVD
2021-11-02
Critical

CVE-2020-6492

Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2018-6125

Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2018-6122

Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2021-37996

Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-37995

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-37993

Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37992

Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2021-37991

Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-37989

Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-37988

Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HT…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37987

Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37986

Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-37985

Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37984

Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-37983

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37982

Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2021-37981

Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-37980

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.

CVSS: 7.4 CWE: N/A View on NVD
High

CVE-2021-37979

heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-37978

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-37977

Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2021-10-08
Medium

CVE-2021-37976

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37974

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2021-37973

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-37972

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD