Vendor CVEs
Chromium
All CVEs
483 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7657 | | | 0.00 | — | 0.01 | | Jul 15, 2025 | Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-6512 | | | 0.00 | — | 0.01 | | Dec 6, 2023 | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-5485 | | | 0.00 | — | 0.01 | | Oct 11, 2023 | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-1220 | | | 0.00 | — | 0.01 | | Mar 7, 2023 | Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1218 | | | 0.00 | — | 0.01 | | Mar 7, 2023 | Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4184 | | | 0.00 | — | 0.01 | | Nov 29, 2022 | Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-3306 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2021-30624 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30624 Use after free in Autofill |
| CVE-2021-30622 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30622 Use after free in WebApp Installs |
| CVE-2021-30621 | | | 0.00 | — | 0.03 | | Sep 3, 2021 | Chromium: CVE-2021-30621 UI Spoofing in Autofill |
| CVE-2021-30620 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink |
| CVE-2021-30619 | | | 0.00 | — | 0.03 | | Sep 3, 2021 | Chromium: CVE-2021-30619 UI Spoofing in Autofill |
| CVE-2021-30618 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools |
| CVE-2021-30617 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30617 Policy bypass in Blink |
| CVE-2021-30616 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30616 Use after free in Media |
| CVE-2021-30614 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip |
| CVE-2021-30611 | | | 0.00 | — | 0.03 | | Sep 3, 2021 | Chromium: CVE-2021-30611 Use after free in WebRTC |
| CVE-2021-30606 | | | 0.00 | — | 0.04 | | Sep 3, 2021 | Chromium: CVE-2021-30606 Use after free in Blink |
| CVE-2015-1346 | | | 0.00 | — | 0.01 | | Jan 22, 2015 | Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| CVE-2015-1205 | | | 0.00 | — | 0.02 | | Jan 22, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| CVE-2014-7943 | | | 0.00 | — | 0.02 | | Jan 22, 2015 | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| CVE-2014-7942 | | | 0.00 | — | 0.02 | | Jan 22, 2015 | The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| CVE-2014-7941 | | | 0.00 | — | 0.02 | | Jan 22, 2015 | The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via… |
| CVE-2014-7939 | | | 0.00 | — | 0.03 | | Jan 22, 2015 | Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options:… |
| CVE-2013-2849 | | | 0.00 | — | 0.01 | | May 22, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. |
| CVE-2013-2847 | | | 0.00 | — | 0.01 | | May 22, 2013 | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. |
| CVE-2012-2850 | | | 0.00 | — | 0.01 | | Aug 6, 2012 | Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document. |
| CVE-2011-2843 | | | 0.00 | — | 0.01 | | Sep 19, 2011 | Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| CVE-2011-2782 | | | 0.00 | — | 0.01 | | Aug 3, 2011 | The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. |
| CVE-2011-1797 | | | 0.00 | — | 0.04 | | Jul 21, 2011 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
| CVE-2011-1291 | | | 0.00 | — | 0.02 | | Mar 25, 2011 | Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error." |
| CVE-2011-1191 | | | 0.00 | — | 0.02 | | Mar 11, 2011 | Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs. |
| CVE-2010-3117 | | | 0.00 | — | 0.01 | | Aug 24, 2010 | Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors. |