Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Google Subscribe
Filtered by product Chrome

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3051 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21215 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21225 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 8.8 HIGH
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21224 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2021-21223 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 9.6 CRITICAL
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21222 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 4.3 MEDIUM 6.5 MEDIUM
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2021-21221 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 4.3 MEDIUM 6.5 MEDIUM
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVE-2021-21218 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 4.3 MEDIUM 5.5 MEDIUM
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2021-21216 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21231 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 8.8 HIGH
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21230 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21228 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2021-21227 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 8.8 HIGH
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21229 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2021-06-01 4.3 MEDIUM 6.5 MEDIUM
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2021-21156 2 Fedoraproject, Google 2 Fedora, Chrome 2021-05-17 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
CVE-2021-21148 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-05-17 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15991 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-17 6.8 MEDIUM 8.8 HIGH
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16000 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-17 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15990 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-17 6.8 MEDIUM 8.8 HIGH
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6525 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-16 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6527 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-16 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6536 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-16 4.3 MEDIUM 4.3 MEDIUM
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
CVE-2020-6537 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-03-16 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2021-21118 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-15 6.8 MEDIUM 8.8 HIGH
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2021-21137 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-15 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
CVE-2021-21139 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-15 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6522 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-12 6.8 MEDIUM 9.6 CRITICAL
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6519 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-12 4.3 MEDIUM 6.5 MEDIUM
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6516 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-12 4.3 MEDIUM 4.3 MEDIUM
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6517 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-12 9.3 HIGH 8.8 HIGH
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6538 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-03-11 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6554 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-03-11 6.8 MEDIUM 8.6 HIGH
Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-16006 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-11 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16008 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-11 6.8 MEDIUM 8.8 HIGH
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
CVE-2020-16011 4 Debian, Google, Microsoft and 1 more 5 Debian Linux, Chrome, Windows and 2 more 2021-03-11 6.8 MEDIUM 9.6 CRITICAL
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-15970 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-11 6.8 MEDIUM 8.8 HIGH
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-15971 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-11 6.8 MEDIUM 8.8 HIGH
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-15967 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-11 6.8 MEDIUM 8.8 HIGH
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-15973 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-11 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
CVE-2020-15980 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Android and 2 more 2021-03-11 4.6 MEDIUM 7.8 HIGH
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
CVE-2020-15981 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-11 4.3 MEDIUM 6.5 MEDIUM
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2020-15983 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-11 4.4 MEDIUM 7.8 HIGH
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
CVE-2020-15982 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-03-11 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2020-15984 5 Apple, Debian, Fedoraproject and 2 more 5 Iphone Os, Debian Linux, Fedora and 2 more 2021-03-11 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
CVE-2020-15988 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-03-11 6.8 MEDIUM 6.3 MEDIUM
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
CVE-2021-21136 2 Google, Microsoft 3 Android, Chrome, Edge Chromium 2021-03-08 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21135 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21134 3 Apple, Google, Microsoft 3 Iphone Os, Chrome, Edge Chromium 2021-03-08 4.3 MEDIUM 6.5 MEDIUM
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21132 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 9.6 CRITICAL
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2021-21124 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 9.6 CRITICAL
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21120 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 8.8 HIGH
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.