U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:google:chrome:79.0.3908.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,429 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2023-2725

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: May 16, 2023; 3:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2724

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: May 16, 2023; 3:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2723

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: May 16, 2023; 3:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2722

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: May 16, 2023; 3:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2721

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Published: May 16, 2023; 3:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2458

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

Published: May 12, 2023; 2:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2457

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)

Published: May 12, 2023; 2:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2468

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2467

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2466

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2465

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2464

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2463

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2462

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2460

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400 		V4.0:(not available)
 V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:08 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-2137

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Published: April 19, 2023; 12:15:31 AM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: April 19, 2023; 12:15:31 AM -0400 		V4.0:(not available)
 V3.1: 9.6 CRITICAL
V2.0:(not available)
CVE-2023-2135

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: April 19, 2023; 12:15:31 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0:(not available)