Summary
| Detail | |||
|---|---|---|---|
| Vendor | First view | 2012-06-27 | |
| Product | Chrome | Last view | 2025-07-22 |
| Version | 19.0.1084.52 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:google:chrome | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 0 | 2025-07-22 | CVE-2025-8011 | Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-07-22 | CVE-2025-8010 | Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-07-15 | CVE-2025-7657 | Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-07-15 | CVE-2025-7656 | Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-07-15 | CVE-2025-6558 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-30 | CVE-2025-6554 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-24 | CVE-2025-6557 | Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-06-24 | CVE-2025-6556 | Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-06-24 | CVE-2025-6555 | Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-06-18 | CVE-2025-6192 | Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-18 | CVE-2025-6191 | Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-11 | CVE-2025-5959 | Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-11 | CVE-2025-5958 | Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-03 | CVE-2025-5419 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-03 | CVE-2025-5068 | Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5283 | Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5281 | Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5280 | Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-05-27 | CVE-2025-5067 | Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-05-27 | CVE-2025-5066 | Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5065 | Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5064 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5063 | Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 4.3 | 2025-05-14 | CVE-2025-4664 | Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-05-06 | CVE-2025-4372 | Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (706) | CWE-416 | Use After Free |
| 16% (376) | CWE-787 | Out-of-bounds Write |
| 8% (185) | CWE-20 | Improper Input Validation |
| 6% (148) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 4% (99) | CWE-399 | Resource Management Errors |
| 3% (89) | CWE-125 | Out-of-bounds Read |
| 3% (69) | CWE-200 | Information Exposure |
| 2% (62) | CWE-190 | Integer Overflow or Wraparound |
| 2% (62) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (58) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (44) | CWE-362 | Race Condition |
| 1% (30) | CWE-346 | Origin Validation Error |
| 1% (30) | CWE-189 | Numeric Errors |
| 1% (29) | CWE-254 | Security Features |
| 1% (27) | CWE-284 | Access Control (Authorization) Issues |
| 1% (24) | CWE-276 | Incorrect Default Permissions |
| 0% (18) | CWE-17 | Code |
| 0% (15) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (14) | CWE-19 | Data Handling |
| 0% (13) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (13) | CWE-290 | Authentication Bypass by Spoofing |
| 0% (13) | CWE-203 | Information Exposure Through Discrepancy |
| 0% (10) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (9) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (8) | CWE-269 | Improper Privilege Management |
SAINT Exploits
| Description | Link |
|---|---|
| Google Chrome SimplifiedLowering bug | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 33212 | Adobe Flash Player Integer Underflow Remote Code Execution |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-31 | Name : Fedora Update for v8 FEDORA-2012-20103 File : nvt/gb_fedora_2012_20103_v8_fc17.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln03_dec12_lin.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln03_dec12_macosx.nasl |
| 2012-12-14 | Name : SuSE Update for Chromium openSUSE-SU-2012:1637-1 (Chromium) File : nvt/gb_suse_2012_1637_1.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln03_dec12_win.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:1376-1 (update) File : nvt/gb_suse_2012_1376_1.nasl |
| 2012-12-13 | Name : SuSE Update for chromium openSUSE-SU-2012:1215-1 (chromium) File : nvt/gb_suse_2012_1215_1.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0993-1 (update) File : nvt/gb_suse_2012_0993_1.nasl |
| 2012-12-06 | Name : Ubuntu Update for libxml2 USN-1656-1 File : nvt/gb_ubuntu_USN_1656_1.nasl |
| 2012-12-04 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium24.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-02 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln02_dec12_lin.nasl |
| 2012-12-04 | Name : RedHat Update for libxml2 RHSA-2012:1512-01 File : nvt/gb_RHSA-2012_1512-01_libxml2.nasl |
| 2012-12-04 | Name : CentOS Update for libxml2 CESA-2012:1512 centos6 File : nvt/gb_CESA-2012_1512_libxml2_centos6.nasl |
| 2012-12-04 | Name : CentOS Update for libxml2 CESA-2012:1512 centos5 File : nvt/gb_CESA-2012_1512_libxml2_centos5.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln01_dec12_lin.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln01_dec12_macosx.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-02 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln02_dec12_macosx.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-02 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln02_dec12_win.nasl |
| 2012-12-04 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium23.nasl |
| 2012-12-04 | Name : Mandriva Update for libxml2 MDVSA-2012:176 (libxml2) File : nvt/gb_mandriva_MDVSA_2012_176.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln01_dec12_win.nasl |
| 2012-12-04 | Name : Debian Security Advisory DSA 2580-1 (libxml2) File : nvt/deb_2580_1.nasl |
| 2012-11-26 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium22.nasl |
| 2012-11-21 | Name : Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Linux) File : nvt/gb_google_chrome_webcore_webkit_xss_vuln_lin.nasl |
| 2012-11-21 | Name : Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X) File : nvt/gb_apple_safari_webcore_webkit_xss_vuln_macosx.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0107 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0061361 |
| 2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0061081 |
| 2014-B-0161 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0057717 |
| 2014-B-0071 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0052483 |
| 2014-B-0060 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0050897 |
| 2014-B-0056 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0050433 |
| 2014-B-0049 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0050017 |
| 2014-B-0048 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0050015 |
| 2014-B-0039 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0048683 |
| 2014-B-0031 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0046767 |
| 2014-B-0026 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0046159 |
| 2014-B-0024 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0046157 |
| 2014-B-0023 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0045283 |
| 2014-A-0030 | Apple Mac OS X Security Update 2014-001 Severity: Category I - VMSKEY: V0044547 |
| 2014-B-0020 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0044539 |
| 2014-A-0020 | Adobe Flash Player Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0043920 |
| 2014-B-0007 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0043878 |
| 2014-B-0003 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0043401 |
| 2014-A-0012 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0043396 |
| 2013-B-0137 | Multiple Security Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0042597 |
| 2013-A-0233 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0042596 |
| 2013-B-0132 | Google Chrome Memory Corruption Vulnerability Severity: Category I - VMSKEY: V0042381 |
| 2013-B-0124 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0042301 |
| 2013-B-0119 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0041067 |
| 2013-B-0112 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0040762 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55810 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55809 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54625 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54624 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54623 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54622 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54498 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54497 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53943 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53942 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53845 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53844 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-04 | Chromium use after free exploitation attempt RuleID : 53836 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-06-04 | Chromium use after free exploitation attempt RuleID : 53835 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53754 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53753 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53752 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53751 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-05 | Google Chrome desktopMediaPickerController use after free attempt RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1007.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote Fedora host is missing a security update. File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_720590df10eb11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-13d8c35127.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-34f7f68029.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-39be36e9fc.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7c80aaef26.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-8e866c5066.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-94e1bc8c23.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-aafdbb5554.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b844991a97.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-f76e6d17f1.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-fd194a1f14.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1446.nasl - Type: ACT_GATHER_INFO |
| 2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO |
| 2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO |
| 2018-12-24 | Name: The remote Debian host is missing a security update. File: debian_DLA-1613.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: A web browser installed on the remote Windows host is affected by a use after... File: google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: A web browser installed on the remote macOS host is affected by a use after f... File: macosx_google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO |
| 2018-12-13 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO |
| 2018-12-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO |
