Chrome
by Google
Source repositories
CVEs (5,401)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-16007 | Hig | 0.51 | 7.8 | 0.00 | Nov 3, 2020 | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | ||
| CVE-2020-15983 | Hig | 0.51 | 7.8 | 0.00 | Nov 3, 2020 | Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2020-15980 | Hig | 0.51 | 7.8 | 0.00 | Nov 3, 2020 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. | ||
| CVE-2020-6574 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2020 | Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. | ||
| CVE-2020-6546 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2020 | Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | ||
| CVE-2020-6510 | Hig | 0.51 | 7.8 | 0.02 | Jul 22, 2020 | Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6477 | Hig | 0.51 | 7.8 | 0.00 | May 21, 2020 | Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | ||
| CVE-2020-6417 | Hig | 0.51 | 7.8 | 0.00 | Feb 11, 2020 | Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | ||
| CVE-2019-13706 | Hig | 0.51 | 7.8 | 0.01 | Nov 25, 2019 | Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2019-13702 | Hig | 0.51 | 7.8 | 0.01 | Nov 25, 2019 | Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. | ||
| CVE-2019-5819 | Hig | 0.51 | 7.8 | 0.00 | Jun 27, 2019 | Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | ||
| CVE-2018-6176 | Hig | 0.51 | 7.8 | 0.00 | Jun 27, 2019 | Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension. | ||
| CVE-2019-5780 | Hig | 0.51 | 7.8 | 0.00 | Feb 19, 2019 | Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | ||
| CVE-2017-15404 | Hig | 0.51 | 7.8 | 0.00 | Jan 9, 2019 | An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted… | ||
| CVE-2017-5039 | Hig | 0.51 | 7.8 | 0.01 | Apr 24, 2017 | A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2017-5037 | Hig | 0.51 | 7.8 | 0.01 | Apr 24, 2017 | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||
| CVE-2017-5036 | Hig | 0.51 | 7.8 | 0.01 | Apr 24, 2017 | A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. | ||
| CVE-2010-4040 | Hig | 0.51 | 7.8 | 0.01 | Oct 21, 2010 | Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. | ||
| CVE-2026-11297 | Hig | 0.50 | 7.7 | 0.00 | Jun 5, 2026 | Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low) | ||
| CVE-2022-3842 | Hig | 0.50 | 7.5 | 0.18 | Jan 2, 2023 | Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
- risk 0.51cvss 7.8epss 0.00
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
- risk 0.51cvss 7.8epss 0.00
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
- risk 0.51cvss 7.8epss 0.02
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
- risk 0.51cvss 7.8epss 0.00
Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.
- risk 0.51cvss 7.8epss 0.01
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- risk 0.51cvss 7.8epss 0.01
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
- risk 0.51cvss 7.8epss 0.00
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
- risk 0.51cvss 7.8epss 0.00
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
- risk 0.51cvss 7.8epss 0.00
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
- risk 0.51cvss 7.8epss 0.00
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted…
- risk 0.51cvss 7.8epss 0.01
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- risk 0.51cvss 7.8epss 0.01
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
- risk 0.51cvss 7.8epss 0.01
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
- risk 0.51cvss 7.8epss 0.01
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
- risk 0.50cvss 7.7epss 0.00
Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)
- risk 0.50cvss 7.5epss 0.18
Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 105 of 271