U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 406 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-2620

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Published: August 12, 2022; 4:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-2613

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Published: August 12, 2022; 4:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-2609

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Published: August 12, 2022; 4:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-2607

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Published: August 12, 2022; 4:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-2587

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.

Published: August 12, 2022; 4:15:08 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-2296

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

Published: July 27, 2022; 10:15:07 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-1641

Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction.

Published: July 26, 2022; 6:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-1633

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.

Published: July 26, 2022; 6:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-1489

Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

Published: July 26, 2022; 6:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-1311

Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: July 25, 2022; 10:15:10 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-1132

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

Published: July 22, 2022; 8:15:08 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-0977

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Published: July 21, 2022; 7:15:09 PM -0400
V3.1: 9.6 CRITICAL
V2.0:(not available)
CVE-2022-0974

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Published: July 21, 2022; 7:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-0603

Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: April 04, 2022; 8:15:17 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-0308

Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Published: February 11, 2022; 9:15:10 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-0107

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Published: February 11, 2022; 7:15:07 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-38013

Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: December 22, 2021; 8:15:08 PM -0500
V3.1: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2021-37964

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.

Published: October 08, 2021; 6:15:07 PM -0400
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2021-30565

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

Published: August 03, 2021; 4:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-16038

Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: January 08, 2021; 2:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH