Chrome
by Google
Source repositories
CVEs (5,372)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1290 | 0.00 | — | 0.00 | Apr 17, 2025 | A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread… | |||
| CVE-2025-1568 | 0.00 | — | 0.00 | Apr 16, 2025 | Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via… | |||
| CVE-2025-2073 | 0.00 | — | 0.00 | Apr 16, 2025 | Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure | |||
| CVE-2025-1704 | 0.00 | — | 0.00 | Apr 16, 2025 | ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition. | |||
| CVE-2025-1566 | 0.00 | — | 0.00 | Apr 16, 2025 | DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions. | |||
| CVE-2025-3620 | 0.00 | — | 0.00 | Apr 16, 2025 | Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-3619 | 0.00 | — | 0.00 | Apr 16, 2025 | Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2025-1122 | 0.00 | — | 0.00 | Apr 15, 2025 | Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | |||
| CVE-2025-1292 | 0.00 | — | 0.00 | Apr 15, 2025 | Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process. | |||
| CVE-2025-3074 | 0.00 | — | 0.00 | Apr 2, 2025 | Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-3073 | 0.00 | — | 0.00 | Apr 2, 2025 | Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-3072 | 0.00 | — | 0.00 | Apr 2, 2025 | Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-3071 | 0.00 | — | 0.00 | Apr 2, 2025 | Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2025-3070 | 0.00 | — | 0.00 | Apr 2, 2025 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-3069 | 0.00 | — | 0.00 | Apr 2, 2025 | Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-3068 | 0.00 | — | 0.00 | Apr 2, 2025 | Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-3067 | 0.00 | — | 0.01 | Apr 2, 2025 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) | |||
| CVE-2025-3066 | 0.00 | — | 0.00 | Apr 2, 2025 | Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2025-2137 | 0.00 | — | 0.00 | Mar 10, 2025 | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2025-2136 | 0.00 | — | 0.00 | Mar 10, 2025 | Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
- CVE-2025-1290Apr 17, 2025risk 0.00cvss —epss 0.00
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread…
- CVE-2025-1568Apr 16, 2025risk 0.00cvss —epss 0.00
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via…
- CVE-2025-2073Apr 16, 2025risk 0.00cvss —epss 0.00
Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
- CVE-2025-1704Apr 16, 2025risk 0.00cvss —epss 0.00
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
- CVE-2025-1566Apr 16, 2025risk 0.00cvss —epss 0.00
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
- CVE-2025-3620Apr 16, 2025risk 0.00cvss —epss 0.00
Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-3619Apr 16, 2025risk 0.00cvss —epss 0.00
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2025-1122Apr 15, 2025risk 0.00cvss —epss 0.00
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
- CVE-2025-1292Apr 15, 2025risk 0.00cvss —epss 0.00
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
- CVE-2025-3074Apr 2, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-3073Apr 2, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-3072Apr 2, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-3071Apr 2, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-3070Apr 2, 2025risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-3069Apr 2, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-3068Apr 2, 2025risk 0.00cvss —epss 0.00
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-3067Apr 2, 2025risk 0.00cvss —epss 0.01
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)
- CVE-2025-3066Apr 2, 2025risk 0.00cvss —epss 0.00
Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-2137Mar 10, 2025risk 0.00cvss —epss 0.00
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-2136Mar 10, 2025risk 0.00cvss —epss 0.00
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Page 199 of 269