CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-0792 125 2022-04-05 2023-01-24
4.3
None Remote Medium Not required Partial None None
Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2 CVE-2022-0462 2022-04-05 2022-04-12
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
3 CVE-2022-0309 863 Bypass 2022-02-12 2022-02-22
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
4 CVE-2022-0305 863 Bypass 2022-02-12 2022-02-22
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
5 CVE-2022-0294 Bypass 2022-02-12 2022-02-22
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
6 CVE-2022-0292 Bypass 2022-02-12 2022-02-22
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
7 CVE-2022-0291 Bypass 2022-02-12 2022-02-22
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
8 CVE-2022-0120 346 2022-02-12 2022-04-19
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.
9 CVE-2022-0118 2022-02-12 2022-04-19
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.
10 CVE-2022-0117 668 Bypass 2022-02-12 2022-04-19
4.3
None Remote Medium Not required Partial None None
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
11 CVE-2022-0116 2022-02-12 2022-04-19
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
12 CVE-2022-0113 346 2022-02-12 2022-04-19
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
13 CVE-2022-0112 2022-02-12 2022-04-19
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.
14 CVE-2022-0111 346 2022-02-12 2022-04-19
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
15 CVE-2022-0110 20 2022-02-12 2022-04-19
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
16 CVE-2022-0109 +Info 2022-02-12 2022-04-19
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
17 CVE-2022-0108 346 2022-02-12 2022-04-19
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
18 CVE-2021-38022 2021-12-23 2022-02-18
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
19 CVE-2021-38021 Bypass 2021-12-23 2022-02-18
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
20 CVE-2021-38019 670 2021-12-23 2022-07-12
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
21 CVE-2021-38018 2021-12-23 2022-02-18
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
22 CVE-2021-38010 Bypass 2021-12-23 2022-02-11
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
23 CVE-2021-38009 668 2021-12-23 2022-02-28
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
24 CVE-2021-38004 668 2021-11-23 2022-02-18
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
25 CVE-2021-37999 79 XSS 2021-11-23 2022-02-28
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
26 CVE-2021-37996 20 Bypass 2021-11-02 2022-02-28
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
27 CVE-2021-37995 2021-11-02 2022-02-28
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
28 CVE-2021-37994 Bypass 2021-11-02 2022-02-28
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
29 CVE-2021-37990 2021-11-02 2022-02-12
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
30 CVE-2021-37989 2021-11-02 2022-02-12
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
31 CVE-2021-37976 862 +Info 2021-10-08 2022-07-12
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
32 CVE-2021-37971 1021 2021-10-08 2022-03-30
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
33 CVE-2021-37968 203 2021-10-08 2022-07-12
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
34 CVE-2021-37967 346 2021-10-08 2022-07-12
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
35 CVE-2021-37965 2021-10-08 2022-07-12
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
36 CVE-2021-37963 Bypass +Info 2021-10-08 2022-02-18
4.3
None Remote Medium Not required Partial None None
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
37 CVE-2021-30630 346 2021-10-08 2022-07-12
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
38 CVE-2021-30597 416 2021-08-26 2021-11-30
4.6
None Local Low Not required Partial Partial Partial
Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
39 CVE-2021-30594 416 2021-08-26 2021-11-30
4.6
None Local Low Not required Partial Partial Partial
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
40 CVE-2021-30589 20 Bypass 2021-08-03 2021-12-08
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
41 CVE-2021-30587 2021-08-03 2021-12-08
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
42 CVE-2021-30584 2021-08-03 2021-12-08
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
43 CVE-2021-30582 2021-08-03 2021-12-08
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
44 CVE-2021-30580 +Info 2021-08-03 2022-07-12
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.
45 CVE-2021-30540 74 2021-06-07 2022-07-12
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
46 CVE-2021-30538 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
47 CVE-2021-30537 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
48 CVE-2021-30534 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
49 CVE-2021-30533 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
50 CVE-2021-30532 Bypass 2021-06-07 2022-07-12
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Total number of vulnerabilities : 669   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.