Chrome
by Google
Source repositories
CVEs (5,373)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5166 | Low | 0.20 | 3.1 | 0.01 | Sep 11, 2016 | The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover… | ||
| CVE-2026-2441 | 0.17 | — | 0.22 | KEV | Feb 13, 2026 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-4863 | Hig | 0.13 | 8.8 | 1.00 | KEV | Sep 12, 2023 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | |
| CVE-2026-3910 | 0.12 | — | 0.02 | KEV | Mar 12, 2026 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-3909 | 0.12 | — | 0.02 | KEV | Mar 12, 2026 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-14174 | 0.12 | — | 0.22 | KEV | Dec 12, 2025 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-13223 | 0.12 | — | 0.05 | KEV | Nov 17, 2025 | Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-10585 | 0.12 | — | 0.05 | KEV | Sep 24, 2025 | Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2011-3389 | 0.09 | — | 0.73 | Sep 6, 2011 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to… | |||
| CVE-2023-5217 | Hig | 0.08 | 8.8 | 0.34 | KEV | Sep 28, 2023 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2010-1663 | 0.07 | — | 0.54 | May 3, 2010 | The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||
| CVE-2011-3026 | 0.06 | — | 0.73 | Feb 16, 2012 | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | |||
| CVE-2015-6787 | 0.04 | — | 0.08 | Dec 6, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-6763 | 0.04 | — | 0.07 | Oct 15, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1265 | 0.04 | — | 0.08 | May 20, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-7910 | 0.04 | — | 0.08 | Nov 19, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2842 | 0.04 | — | 0.12 | May 22, 2013 | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. | |||
| CVE-2010-2300 | 0.04 | — | 0.09 | Jun 15, 2010 | Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers… | |||
| CVE-2010-1029 | 0.04 | — | 0.10 | Mar 19, 2010 | Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2010-0655 | 0.04 | — | 0.07 | Feb 18, 2010 | Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different… |
- risk 0.20cvss 3.1epss 0.01
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover…
- risk 0.17cvss —epss 0.22
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.13cvss 8.8epss 1.00
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- risk 0.12cvss —epss 0.02
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- risk 0.12cvss —epss 0.02
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- risk 0.12cvss —epss 0.22
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- risk 0.12cvss —epss 0.05
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.12cvss —epss 0.05
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2011-3389Sep 6, 2011risk 0.09cvss —epss 0.73
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to…
- risk 0.08cvss 8.8epss 0.34
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2010-1663May 3, 2010risk 0.07cvss —epss 0.54
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
- CVE-2011-3026Feb 16, 2012risk 0.06cvss —epss 0.73
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
- CVE-2015-6787Dec 6, 2015risk 0.04cvss —epss 0.08
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-6763Oct 15, 2015risk 0.04cvss —epss 0.07
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-1265May 20, 2015risk 0.04cvss —epss 0.08
Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-7910Nov 19, 2014risk 0.04cvss —epss 0.08
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2013-2842May 22, 2013risk 0.04cvss —epss 0.12
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
- CVE-2010-2300Jun 15, 2010risk 0.04cvss —epss 0.09
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers…
- CVE-2010-1029Mar 19, 2010risk 0.04cvss —epss 0.10
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly…
- CVE-2010-0655Feb 18, 2010risk 0.04cvss —epss 0.07
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different…
Page 178 of 269