Google Chrome
4722 CVEs affecting Google Chrome. Latest disclosed: 2026-06-05. Critical: 88, High: 618.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-5178 | Critical | 9.8 | 2017-05-23 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact vi… |
CVE-2014-9654 | Critical | 9.8 | 2017-04-24 | The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calcul… |
CVE-2013-6647 | Critical | 9.8 | 2017-04-11 | A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. |
CVE-2016-5146 | Critical | 9.8 | 2016-08-07 | Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unkno… |
CVE-2016-5144 | Critical | 9.8 | 2016-08-07 | The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter… |
CVE-2016-5143 | Critical | 9.8 | 2016-08-07 | The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter… |
CVE-2016-5142 | Critical | 9.8 | 2016-08-07 | The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which all… |
CVE-2016-5140 | Critical | 9.8 | 2016-08-07 | Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote… |
CVE-2016-1666 | Critical | 9.8 | 2016-05-14 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknow… |
CVE-2016-1662 | Critical | 9.8 | 2016-05-14 | extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, w… |
CVE-2016-1659 | Critical | 9.8 | 2016-04-18 | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknow… |
CVE-2016-2843 | Critical | 9.8 | 2016-03-06 | Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service… |
CVE-2016-1642 | Critical | 9.8 | 2016-03-06 | Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknow… |
CVE-2016-1639 | Critical | 9.8 | 2016-03-06 | Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Googl… |
CVE-2016-1636 | Critical | 9.8 | 2016-03-06 | The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information… |
CVE-2016-1635 | Critical | 9.8 | 2016-03-06 | extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues du… |
CVE-2016-1633 | Critical | 9.8 | 2016-03-06 | Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unsp… |
CVE-2016-1629 | Critical | 9.8 | 2016-02-21 | Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. |
CVE-2016-2051 | Critical | 9.8 | 2016-01-25 | Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service… |
CVE-2015-6792 | Critical | 9.8 | 2015-12-24 | The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code… |