Total
3816 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9865 | 1 Google | 2 Android, Chrome | 2025-09-04 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-9478 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-02 | N/A | 8.8 HIGH |
|
Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
|
|||||
| CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-08-25 | N/A | 9.6 CRITICAL |
|
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
|
|||||
| CVE-2025-9132 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-21 | N/A | 8.8 HIGH |
|
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-8880 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-14 | N/A | 8.8 HIGH |
|
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-8881 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-14 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-8577 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-8579 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-8580 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-8581 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-8583 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-08 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-8292 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-01 | N/A | 8.8 HIGH |
|
Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-11395 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-29 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-7656 | 1 Google | 1 Chrome | 2025-07-16 | N/A | 8.8 HIGH |
|
Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-7657 | 1 Google | 1 Chrome | 2025-07-16 | N/A | 8.8 HIGH |
|
Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-6557 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | N/A | 5.4 MEDIUM |
|
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-8907 | 1 Google | 2 Android, Chrome | 2025-07-15 | N/A | 6.1 MEDIUM |
|
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)
|
|||||
| CVE-2025-3619 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-07-15 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
|
|||||
| CVE-2023-3735 | 1 Google | 1 Chrome | 2025-07-09 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-6192 | 1 Google | 1 Chrome | 2025-07-03 | N/A | 8.8 HIGH |
|
Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2025-6191 | 1 Google | 1 Chrome | 2025-07-03 | N/A | 8.8 HIGH |
|
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-4358 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-03 | N/A | 8.8 HIGH |
|
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
|
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-6556 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
|
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-5063 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 8.8 HIGH |
|
Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-4428 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-01 | N/A | 8.1 HIGH |
|
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2010-1233 | 1 Google | 1 Chrome | 2025-06-25 | 10.0 HIGH | N/A |
|
Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.
|
|||||
| CVE-2023-4761 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-06-25 | N/A | 8.1 HIGH |
|
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0813 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 8.8 HIGH |
|
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
|
|||||
| CVE-2024-0807 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 8.8 HIGH |
|
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0806 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 8.8 HIGH |
|
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
|
|||||
| CVE-2024-0805 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
|
|||||
| CVE-2024-0225 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | N/A | 8.8 HIGH |
|
Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0224 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | N/A | 8.8 HIGH |
|
Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0223 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | N/A | 8.8 HIGH |
|
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0222 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-18 | N/A | 8.8 HIGH |
|
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | N/A | 9.8 CRITICAL |
|
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0811 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-16 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2023-5485 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-06-16 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-5958 | 1 Google | 1 Chrome | 2025-06-16 | N/A | 8.8 HIGH |
|
Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||