Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Google Subscribe
Filtered by product Chrome

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 107 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6345 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2023-12-15 N/A 9.6 CRITICAL
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVE-2022-4920 1 Google 1 Chrome 2023-08-19 N/A 9.6 CRITICAL
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2022-4924 1 Google 1 Chrome 2023-08-12 N/A 9.6 CRITICAL
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2022-1312 1 Google 1 Chrome 2022-07-27 N/A 9.6 CRITICAL
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2022-1309 1 Google 1 Chrome 2022-07-27 N/A 9.6 CRITICAL
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-0977 1 Google 2 Chrome, Chrome Os 2022-07-26 N/A 9.6 CRITICAL
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21146 2 Fedoraproject, Google 2 Fedora, Chrome 2022-04-26 6.8 MEDIUM 9.6 CRITICAL
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-38002 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-28 6.8 MEDIUM 9.6 CRITICAL
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-0290 1 Google 1 Chrome 2022-02-21 6.8 MEDIUM 9.6 CRITICAL
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-38013 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Chrome and 1 more 2022-02-19 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-0097 1 Google 1 Chrome 2022-02-18 6.8 MEDIUM 9.6 CRITICAL
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
CVE-2021-37981 2 Debian, Google 2 Debian Linux, Chrome 2022-02-18 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-37973 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 6.8 MEDIUM 9.6 CRITICAL
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21154 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-10 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21155 3 Fedoraproject, Google, Microsoft 3 Fedora, Chrome, Windows 2021-12-10 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21151 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-10 6.8 MEDIUM 9.6 CRITICAL
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21150 3 Fedoraproject, Google, Microsoft 3 Fedora, Chrome, Windows 2021-12-10 6.8 MEDIUM 9.6 CRITICAL
Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-30571 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-10 6.8 MEDIUM 9.6 CRITICAL
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-30633 2 Fedoraproject, Google 2 Fedora, Chrome 2021-11-23 6.8 MEDIUM 9.6 CRITICAL
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6492 1 Google 1 Chrome 2021-11-03 6.8 MEDIUM 9.6 CRITICAL
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21142 3 Apple, Fedoraproject, Google 3 Macos, Fedora, Chrome 2021-09-14 6.8 MEDIUM 9.6 CRITICAL
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2016-5202 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2021-09-08 7.5 HIGH 9.1 CRITICAL
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
CVE-2019-5759 5 Apple, Debian, Fedoraproject and 2 more 8 Macos, Debian Linux, Fedora and 5 more 2021-09-08 6.8 MEDIUM 9.6 CRITICAL
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2017-5053 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2021-09-08 6.8 MEDIUM 9.6 CRITICAL
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
CVE-2020-16014 1 Google 1 Chrome 2021-07-21 6.8 MEDIUM 9.6 CRITICAL
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21226 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-03 6.8 MEDIUM 9.6 CRITICAL
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21201 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-02 6.8 MEDIUM 9.6 CRITICAL
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21223 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 9.6 CRITICAL
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6522 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-12 6.8 MEDIUM 9.6 CRITICAL
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16011 4 Debian, Google, Microsoft and 1 more 5 Debian Linux, Chrome, Windows and 2 more 2021-03-11 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21132 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 9.6 CRITICAL
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21124 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 9.6 CRITICAL
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21121 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 9.6 CRITICAL
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16025 1 Google 1 Chrome 2021-02-25 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16024 1 Google 2 Chrome, Chrome Os 2021-02-25 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-15963 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-01-29 6.8 MEDIUM 9.6 CRITICAL
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-15961 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-01-29 6.8 MEDIUM 9.6 CRITICAL
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21115 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-01-28 6.8 MEDIUM 9.6 CRITICAL
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21111 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-01-28 6.8 MEDIUM 9.6 CRITICAL
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21110 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-01-28 6.8 MEDIUM 9.6 CRITICAL
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21107 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-01-28 6.8 MEDIUM 9.6 CRITICAL
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21106 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-01-28 9.3 HIGH 9.6 CRITICAL
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21109 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-01-28 6.8 MEDIUM 9.6 CRITICAL
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21108 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-01-28 6.8 MEDIUM 9.6 CRITICAL
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6471 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-01-28 6.8 MEDIUM 9.6 CRITICAL
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-6573 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-01-27 6.8 MEDIUM 9.6 CRITICAL
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16045 1 Google 2 Android, Chrome 2021-01-19 6.8 MEDIUM 9.6 CRITICAL
Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16018 1 Google 1 Chrome 2021-01-11 6.8 MEDIUM 9.6 CRITICAL
Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16017 1 Google 1 Chrome 2021-01-11 6.8 MEDIUM 9.6 CRITICAL
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16016 1 Google 1 Chrome 2021-01-11 6.8 MEDIUM 9.6 CRITICAL
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.