) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:google:chrome:117.0.5938.149:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2025-5063 |
Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: May 27, 2025; 5:15:22 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-4664 |
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) Published: May 14, 2025; 2:15:33 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2025-4372 |
Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Published: May 06, 2025; 6:15:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-4096 |
Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: May 05, 2025; 2:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-4052 |
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) Published: May 05, 2025; 2:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-4051 |
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) Published: May 05, 2025; 2:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-4050 |
Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Published: May 05, 2025; 2:15:43 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3620 |
Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: April 16, 2025; 5:15:48 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3619 |
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Published: April 16, 2025; 5:15:47 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3074 |
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3073 |
Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3072 |
Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3071 |
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3070 |
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3069 |
Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3068 |
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-3067 |
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) Published: April 01, 2025; 9:15:38 PM -0400 |
V4.0:
8.6 HIGH
V3.x:(not available) V2.0:(not available) |
| CVE-2025-3066 |
Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: April 01, 2025; 9:15:37 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-2783 |
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) Published: March 26, 2025; 12:15:23 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-2476 |
Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Published: March 19, 2025; 3:15:50 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |