Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
3670 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34091 | 1 Google | 1 Chrome | 2025-07-24 | N/A |
| Neither filed by Chrome nor a valid security vulnerability. | ||||
| CVE-2025-34090 | 1 Google | 1 Chrome | 2025-07-24 | N/A |
| Neither filed by Chrome nor a valid security vulnerability. | ||||
| CVE-2025-7656 | 1 Google | 1 Chrome | 2025-07-16 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-7657 | 1 Google | 1 Chrome | 2025-07-16 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-6557 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | 5.4 Medium |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-8907 | 1 Google | 2 Android, Chrome | 2025-07-15 | 6.1 Medium |
| Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2025-3067 | 1 Google | 2 Android, Chrome | 2025-07-15 | 8.8 High |
| Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) | ||||
| CVE-2025-3619 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | 8.8 High |
| Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2023-3735 | 1 Google | 1 Chrome | 2025-07-09 | 4.3 Medium |
| Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-6556 | 1 Google | 1 Chrome | 2025-07-06 | 5.4 Medium |
| Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2025-07-06 | 5.4 Medium |
| Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-6192 | 1 Google | 1 Chrome | 2025-07-03 | 8.8 High |
| Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-6191 | 1 Google | 1 Chrome | 2025-07-03 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-4358 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-03 | 8.8 High |
| Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-5063 | 1 Google | 1 Chrome | 2025-07-02 | 8.8 High |
| Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-4428 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-01 | 8.1 High |
| Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2010-1233 | 1 Google | 1 Chrome | 2025-06-25 | N/A |
| Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects. | ||||
| CVE-2023-4761 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-06-25 | 8.1 High |
| Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-5958 | 1 Google | 1 Chrome | 2025-06-24 | 8.8 High |
| Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-5959 | 1 Google | 1 Chrome | 2025-06-24 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||