Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Google Subscribe
Filtered by product Chrome

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3051 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37982 2 Debian, Google 2 Debian Linux, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37980 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2022-02-18 4.3 MEDIUM 7.4 HIGH
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
CVE-2021-37979 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37966 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2022-02-18 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2021-37964 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Chrome and 1 more 2022-02-18 4.3 MEDIUM 3.3 LOW
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.
CVE-2021-37962 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37963 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 4.3 MEDIUM 4.3 MEDIUM
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2021-37961 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37959 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37958 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 5.8 MEDIUM 5.4 MEDIUM
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2021-37956 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37957 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0104 1 Google 1 Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0101 1 Google 1 Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.
CVE-2022-0111 1 Google 1 Chrome 2022-02-18 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
CVE-2022-0109 1 Google 1 Chrome 2022-02-18 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
CVE-2022-0108 1 Google 1 Chrome 2022-02-18 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-37991 2 Debian, Google 2 Debian Linux, Chrome 2022-02-18 5.1 MEDIUM 7.5 HIGH
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37992 2 Debian, Google 2 Debian Linux, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37993 2 Debian, Google 2 Debian Linux, Chrome 2022-02-18 6.8 MEDIUM 8.8 HIGH
Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0102 1 Google 1 Chrome 2022-02-17 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0105 1 Google 1 Chrome 2022-02-17 6.8 MEDIUM 8.8 HIGH
Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0096 1 Google 1 Chrome 2022-02-17 6.8 MEDIUM 8.8 HIGH
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0103 1 Google 1 Chrome 2022-02-17 6.8 MEDIUM 8.8 HIGH
Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4102 1 Google 1 Chrome 2022-02-15 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4079 2 Debian, Google 2 Debian Linux, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.
CVE-2021-4064 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4063 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4062 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37990 2 Debian, Google 2 Debian Linux, Chrome 2022-02-12 4.3 MEDIUM 5.5 MEDIUM
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
CVE-2021-37989 2 Debian, Google 2 Debian Linux, Chrome 2022-02-12 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
CVE-2021-37988 2 Debian, Google 2 Debian Linux, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37986 2 Debian, Google 2 Debian Linux, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4061 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37987 2 Debian, Google 2 Debian Linux, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37985 2 Debian, Google 2 Debian Linux, Chrome 2022-02-12 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-38010 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2022-02-11 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2019-13734 1 Google 1 Chrome 2022-02-07 6.8 MEDIUM 8.8 HIGH
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15999 5 Debian, Fedoraproject, Freetype and 2 more 5 Debian Linux, Fedora, Freetype and 2 more 2022-01-28 4.3 MEDIUM 6.5 MEDIUM
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37972 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 6.8 MEDIUM 8.8 HIGH
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37970 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 6.8 MEDIUM 8.8 HIGH
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37971 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 4.3 MEDIUM 4.3 MEDIUM
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2021-37973 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 6.8 MEDIUM 9.6 CRITICAL
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2019-13711 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 5.0 MEDIUM 5.3 MEDIUM
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13713 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13705 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
CVE-2019-5879 1 Google 1 Chrome 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
CVE-2019-13707 2 Google, Opensuse 2 Chrome, Backports 2022-01-01 4.3 MEDIUM 5.5 MEDIUM
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
CVE-2019-13730 6 Debian, Fedoraproject, Google and 3 more 9 Debian Linux, Fedora, Chrome and 6 more 2022-01-01 6.8 MEDIUM 8.8 HIGH
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6379 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-01 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.