Chrome
by Google
Source repositories
CVEs (5,401)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7997 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low) | ||
| CVE-2026-7994 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium) | ||
| CVE-2026-7990 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium) | ||
| CVE-2026-7925 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||
| CVE-2026-7913 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) | ||
| CVE-2025-2509 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2025 | Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in… | ||
| CVE-2024-9956 | Hig | 0.51 | 7.8 | 0.00 | Oct 15, 2024 | Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-7018 | Hig | 0.51 | 7.8 | 0.00 | Sep 23, 2024 | Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2018-20072 | Hig | 0.51 | 7.8 | 0.00 | Sep 23, 2024 | Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low) | ||
| CVE-2024-7980 | Hig | 0.51 | 7.8 | 0.00 | Aug 21, 2024 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | ||
| CVE-2024-7979 | Hig | 0.51 | 7.8 | 0.00 | Aug 21, 2024 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | ||
| CVE-2024-7977 | Hig | 0.51 | 7.8 | 0.00 | Aug 21, 2024 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||
| CVE-2023-7261 | Hig | 0.51 | 7.8 | 0.00 | Jun 7, 2024 | Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) | ||
| CVE-2019-13689 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2023 | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | ||
| CVE-2023-2939 | Hig | 0.51 | 7.8 | 0.00 | May 30, 2023 | Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | ||
| CVE-2022-0301 | Hig | 0.51 | 7.8 | 0.00 | Feb 12, 2022 | Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-37969 | Hig | 0.51 | 7.8 | 0.01 | Oct 8, 2021 | Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | ||
| CVE-2021-30605 | Hig | 0.51 | 7.8 | 0.00 | Sep 8, 2021 | Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. | ||
| CVE-2021-30577 | Hig | 0.51 | 7.8 | 0.01 | Aug 3, 2021 | Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. | ||
| CVE-2021-21117 | Hig | 0.51 | 7.8 | 0.00 | Feb 9, 2021 | Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. |
- risk 0.51cvss 7.8epss 0.00
Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
- risk 0.51cvss 7.8epss 0.00
Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
- risk 0.51cvss 7.8epss 0.00
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in…
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
- risk 0.51cvss 7.8epss 0.00
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- risk 0.51cvss 7.8epss 0.01
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
- risk 0.51cvss 7.8epss 0.01
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
- risk 0.51cvss 7.8epss 0.00
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
Page 104 of 271