📦 Chrome
by Google
🔍 What is Chrome?
Chrome serves as the primary gateway to the internet for billions of users, handling sensitive activities including online banking, email access, cloud application usage (Google Workspace, Microsoft 365), e-commerce transactions, social media, and corporate web applications. The browser integrates tightly with Google services, enterprise identity systems, password managers, and browser extensions, making it a high-value target for cyber attackers.
Security vulnerabilities in Google Chrome can expose users to severe risks including remote code execution (RCE), cross-site scripting (XSS), sandbox escapes, memory corruption, and zero-day exploits. Common vulnerability types affect the V8 JavaScript engine, Blink rendering engine, browser sandbox, PDF viewer, WebRTC implementation, and Chrome extensions. High-profile vulnerabilities often lead to arbitrary code execution, allowing attackers to steal credentials, install malware, intercept communications, and compromise entire systems.
Organizations should prioritize Chrome security updates through enterprise patch management, as browser vulnerabilities are frequently exploited in targeted attacks, phishing campaigns, and drive-by download attacks. Chrome's automatic update mechanism helps protect consumers, but enterprise deployments require careful testing and controlled rollouts. Security teams should monitor Chrome releases, enable enterprise security policies, restrict risky extensions, and implement browser isolation technologies to reduce attack surface.
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows a remote attacker to read memory outside the intended buffer in Chrome's media component by tricking a user into visiting a malicious HTML page. All users running vulnerable ...
This vulnerability allows attackers to spoof the URL bar (Omnibox) in Google Chrome on Android, potentially tricking users into believing they're on a legitimate website when they're actually on a mal...
This vulnerability allows attackers to spoof the user interface in Chrome's Split View mode, potentially tricking users into interacting with malicious content disguised as legitimate UI elements. All...
This vulnerability in Google Chrome allows attackers who obtain network log files to potentially extract sensitive information due to insufficient policy enforcement. It affects all users running Chro...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the browser into misinterpreting object types. This affects all users running vu...
This vulnerability in Google Chrome's Mojo IPC system on Windows allows a remote attacker to escape the browser sandbox via a malicious file. Attackers could execute arbitrary code outside Chrome's se...
This vulnerability in Chrome DevTools allows attackers to bypass discretionary access control by tricking users into performing specific UI gestures on a malicious webpage. It affects all users runnin...
This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to perform out-of-bounds memory writes via a crafted HTML page. This could lead to arbitrary code exec...
This vulnerability in Chrome's V8 JavaScript engine allows an attacker to escape the browser sandbox via a malicious HTML page. All users running affected Chrome versions are vulnerable. The sandbox e...
This is a type confusion vulnerability in Chrome's V8 JavaScript engine that allows remote attackers to trigger heap corruption via malicious HTML pages. Successful exploitation could lead to arbitrar...
This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to escape the browser sandbox via a crafted HTML page. It affects Google Chrome versions prior to 115....
This vulnerability in Google Chrome allows an attacker who convinces a user to install a malicious application to potentially escape Chrome's sandbox via a malicious file. It affects Chrome users on a...
This vulnerability in Chrome's V8 JavaScript engine allows out-of-bounds memory access that could enable sandbox escape. Attackers could potentially execute arbitrary code outside Chrome's sandbox by ...
This is a type confusion vulnerability in Chrome's V8 JavaScript engine that allows remote attackers to execute arbitrary code within the browser's sandbox by tricking users into visiting a malicious ...
This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows remote attackers to execute arbitrary code within the browser's sandbox by tricking users into visiting a malic...
This is a use-after-free vulnerability in Google Chrome's Visuals component that allows a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox. It...
This is a use-after-free vulnerability in ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome. It allows remote attackers to potentially exploit heap corruption via crafted HTML pag...
This vulnerability allows a remote attacker who has already compromised Chrome's GPU process to perform a sandbox escape via specific UI gestures, potentially gaining full system access. It affects Go...
A heap buffer overflow vulnerability in Chrome's Skia graphics engine allows remote attackers to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code executio...
This vulnerability is an integer underflow in Chrome's WebUI that allows remote attackers to trigger heap corruption via malicious files. It affects Google Chrome versions prior to 121.0.6167.85, pote...
This vulnerability allows attackers to exploit heap corruption in Google Chrome's DevTools through malicious extensions. Users who install untrusted Chrome extensions are affected, potentially leading...
An integer overflow vulnerability in Chrome's V8 JavaScript engine allows remote attackers to trigger heap corruption via malicious HTML pages. This could lead to arbitrary code execution or browser c...
This is a use-after-free vulnerability in Chrome's CSS engine that allows remote attackers to execute arbitrary code within the browser's sandbox by tricking users into visiting a malicious webpage. A...
A race condition vulnerability in Chrome DevTools allows attackers to potentially corrupt memory objects when users perform specific UI gestures and have a malicious extension installed. This affects ...
This is a use-after-free vulnerability in Chrome's Ozone component that could allow heap corruption when users perform specific UI gestures on a malicious webpage. Attackers could potentially execute ...
This is a use-after-free vulnerability in Chrome's CSS engine that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into visiting a maliciou...
This vulnerability in Chrome's WebGPU implementation allows attackers to access memory outside intended boundaries via malicious web pages. It affects all users running vulnerable Chrome versions, pot...
A heap buffer overflow vulnerability in libvpx video processing library in Google Chrome allows remote attackers to potentially execute arbitrary code or cause denial of service via a crafted HTML pag...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to corrupt heap memory via malicious web pages. This could lead to arbitrary code execution in the browser context. All...
This CVE describes a use-after-free vulnerability in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome that could allow heap corruption. Attackers could exploit this by tricking users into ...
This vulnerability in Chrome's V8 JavaScript engine allows attackers to read memory outside intended boundaries via malicious web pages. It affects all Chrome users on vulnerable versions, potentially...
This vulnerability in Chrome's V8 JavaScript engine allows attackers to corrupt memory objects through malicious HTML pages, potentially leading to arbitrary code execution. All users running affected...
This vulnerability allows a remote attacker to trigger out-of-bounds memory access in Chrome's V8 JavaScript engine, potentially leading to memory corruption and arbitrary code execution. Users runnin...
This vulnerability allows attackers who convince users to install malicious Chrome extensions to inject scripts or HTML into privileged pages through WebView tags. It affects Google Chrome users runni...
This vulnerability is a use-after-free flaw in Chrome's WebGPU implementation that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into vis...
This vulnerability allows remote attackers to exploit heap corruption through out-of-bounds read/write in Chrome's V8 JavaScript engine. Attackers can execute arbitrary code by tricking users into vis...
This vulnerability allows remote attackers to perform out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome on macOS. Attackers can exploit this by tricking users...
This CVE describes a use-after-free vulnerability in Chrome's Media Stream component that could allow heap corruption. Attackers could exploit this via malicious HTML pages to potentially execute arbi...
This vulnerability in Chrome's WebRTC implementation allows attackers to perform arbitrary read/write operations via a crafted HTML page. It affects users running vulnerable versions of Google Chrome,...
This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to exploit heap corruption through a bad cast in the Loader component. Attackers could potentially exe...
A race condition vulnerability in Chrome's V8 JavaScript engine allows remote attackers to potentially cause heap corruption by tricking users into visiting a malicious webpage. This affects all users...
This vulnerability allows remote attackers to escalate privileges on Mac systems running vulnerable versions of Google Chrome. Attackers can exploit a flaw in Google Updater by tricking users into ope...
This is a use-after-free vulnerability in Google Chrome's Digital Credentials feature that allows heap corruption. Attackers who compromise the renderer process can potentially execute arbitrary code ...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the engine into treating one data type as another. This affects all users runnin...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the browser into misinterpreting object types. This affects all users running vu...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the engine into treating one data type as another. This affects all users runnin...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the engine into treating one data type as another. This affects all users runnin...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the engine into treating one data type as another. This affects all users runnin...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the engine into treating one data type as another. This affects all users runnin...
This is a type confusion vulnerability in Chrome's V8 JavaScript engine that could allow an attacker to execute arbitrary code or cause heap corruption. It affects all users running vulnerable version...
A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the engine into treating one data type as another. This affects all users runnin...
This vulnerability in Chrome DevTools allows a remote attacker to escape the browser sandbox via a crafted HTML page. It affects all users running Chrome versions before 126.0.6478.182. Successful exp...
This CVE describes a use-after-free vulnerability in Google Chrome on iOS that could allow heap corruption. An attacker could exploit this by tricking a user into performing specific UI gestures, pote...
This vulnerability allows remote attackers to potentially exploit heap corruption in Google Chrome's V8 JavaScript engine via a crafted HTML page. Attackers could execute arbitrary code or cause denia...
This vulnerability allows remote attackers to perform out-of-bounds memory writes via a crafted HTML page targeting Chrome's WebGPU implementation on Android. Attackers could potentially execute arbit...
This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to escalate privileges via a crafted HTML page. It affects Google Chrome on Windows systems running ve...
This vulnerability is a heap corruption flaw in Chrome's V8 JavaScript engine that allows attackers to execute arbitrary code or crash the browser by tricking users into visiting a malicious webpage. ...
This CVE describes a use-after-free vulnerability in Google Chrome's PageInfo component that could allow heap corruption. Attackers can exploit it by tricking users into performing specific UI gesture...
This CVE describes a use-after-free vulnerability in the Ozone component of Google Chrome on Linux and ChromeOS. It allows a remote attacker to potentially exploit object corruption via a crafted HTML...
A high-severity object lifecycle vulnerability in Google Chrome allows remote attackers to perform UI spoofing via crafted HTML pages. This enables attackers to trick users into interacting with fake ...
This vulnerability allows attackers who convince users to install malicious Chrome extensions to inject scripts or HTML into privileged pages through DevTools. It affects all Google Chrome users prior...
This vulnerability in Google Chrome allows attackers to trick users into interacting with fake UI elements by convincing them to perform specific gestures on a malicious webpage. It affects Chrome use...
This vulnerability allows attackers to trick users into interacting with fake UI elements in Chrome's file input interface. Users who visit malicious websites while using vulnerable Chrome versions ar...
This vulnerability in Google Chrome's Downloads feature allows attackers to create deceptive download interfaces through malicious HTML pages. Users who visit crafted websites with vulnerable Chrome v...
This vulnerability allows attackers to create deceptive UI elements that appear legitimate but perform malicious actions. It affects users of Google Chrome versions before 145.0.7632.45 who visit mali...
This vulnerability in Google Chrome's animation implementation allows attackers to create malicious HTML pages that can leak data across different website origins. It affects all users running vulnera...
This vulnerability allows attackers to perform UI spoofing in Chrome's Picture-in-Picture feature. By convincing users to perform specific UI gestures on a malicious webpage, attackers can display fak...
This vulnerability in Google Chrome's Background Fetch API allows attackers to leak cross-origin data through specially crafted HTML pages. It affects users running Chrome versions before 144.0.7559.1...
This vulnerability allows attackers to spoof user interface elements in Chrome on Android, potentially tricking users into interacting with malicious content. It affects Android users running Chrome v...
This vulnerability allows remote attackers to bypass Chrome's dangerous file type protections on Windows systems. Attackers can trick users into downloading malicious files that would normally be bloc...
This vulnerability in Google Chrome allows attackers to spoof website domains through manipulated digital credential security interfaces. Users who visit malicious HTML pages with Chrome versions befo...
This vulnerability allows attackers to spoof website domains in the Chrome toolbar on Android devices, potentially tricking users into believing they're on legitimate sites. It affects Android users r...
A use-after-free vulnerability in Google Chrome's Password Manager allows remote attackers to potentially escape the browser sandbox via a crafted HTML page. This affects Chrome users on all platforms...
This side-channel vulnerability in Google Chrome allows attackers to bypass site isolation protections by exploiting navigation and loading behaviors. Attackers can potentially leak cross-origin infor...
This vulnerability allows a local attacker to bypass the Mark of the Web (MOTW) security feature in Google Chrome on Windows. Attackers can craft HTML pages that evade security warnings when downloade...
This vulnerability allows a local attacker to spoof the Chrome downloads UI via a malicious HTML page, tricking users into believing they're interacting with legitimate download prompts. It affects Go...
This vulnerability in Google Chrome's Split View feature allows attackers to perform UI spoofing by tricking users into performing specific UI gestures while visiting a malicious website. Attackers ca...
This vulnerability allows a remote attacker to bypass Chrome's download protections by tricking a user into performing specific UI gestures on a malicious HTML page. It affects users running Google Ch...
This vulnerability allows attackers to escape Chrome's security sandbox by convincing users to install a malicious extension. It affects all users running vulnerable versions of Google Chrome. The att...
An out-of-bounds read vulnerability in Chrome's V8 JavaScript engine allows remote attackers to potentially exploit heap corruption via malicious HTML pages. This affects all users running Chrome vers...
This vulnerability allows a remote attacker to escape Chrome's sandbox protection through a crafted HTML page when DevTools is open. It affects users running Google Chrome versions before 136.0.7103.5...
This vulnerability allows attackers to spoof user interface elements in Google Chrome on Android by tricking users into visiting malicious web pages. It affects Android users running Chrome versions b...
This vulnerability allows attackers to create deceptive UI elements that appear legitimate but are actually malicious, enabling phishing or clickjacking attacks. It affects users running Google Chrome...
This vulnerability in Google Chrome's Dawn component on macOS allows attackers to trigger out-of-bounds memory access via malicious HTML pages. It affects Chrome users on macOS who haven't updated to ...
This vulnerability allows attackers to create fake fullscreen interfaces that mimic legitimate websites, tricking users into interacting with malicious content. It affects all users running Google Chr...
This vulnerability allows attackers to create QR codes that spoof Chrome's Lens UI on iOS, potentially tricking users into interacting with malicious content. Only Google Chrome on iOS versions before...
This vulnerability allows attackers to create fake autofill UI elements in Chrome that appear legitimate, tricking users into entering sensitive information. It affects Chrome users on Windows who hav...
This vulnerability allows attackers to create deceptive user interfaces in Google Chrome on Android through malicious web pages. It affects Android users running Chrome versions before 129.0.6668.58, ...
This vulnerability allows attackers to spoof UI elements in Chrome's address bar (Omnibox) on Android devices by tricking users into performing specific gestures on a malicious webpage. It affects And...
This vulnerability allows a remote attacker to read memory outside the intended buffer boundaries in Chrome's WebXR implementation. Attackers could potentially leak sensitive information from browser ...
This vulnerability in Google Chrome's password implementation allows a local attacker with physical access to bypass authentication mechanisms. It affects users running Chrome versions prior to 143.0....
A use-after-free vulnerability in Chrome's V8 JavaScript engine allows attackers to potentially access out-of-bounds memory via malicious HTML pages. This affects Google Chrome users running versions ...