Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Chrome

Source -

CNACISA

CNA CVEs -

2089

ADP CVEs -

0

CISA CVEs -

1

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2089Vulnerabilities found
CVE-2025-9478
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-26 Aug, 2025 | 18:51
Updated-26 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2025-4609
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.18% / 39.32%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 21:05
Updated-26 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromewindowsChrome
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-9132
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.93%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 00:41
Updated-21 Aug, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCApple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsmacoschromelinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8882
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.89%
||
7 Day CHG-0.03%
Published-13 Aug, 2025 | 02:43
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-macoswindowslinux_kernelchromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-8881
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 2.37%
||
7 Day CHG-0.01%
Published-13 Aug, 2025 | 02:43
Updated-14 Aug, 2025 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-macoswindowslinux_kernelchromeChrome
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-346
Origin Validation Error
CVE-2025-8901
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.53%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 02:43
Updated-14 Aug, 2025 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-macoswindowslinux_kernelchromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8880
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.66%
||
7 Day CHG-0.02%
Published-13 Aug, 2025 | 02:43
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-macoswindowslinux_kernelchromeChrome
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-8879
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.77%
||
7 Day CHG-0.02%
Published-13 Aug, 2025 | 02:43
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-macoswindowslinux_kernelchromeChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-8583
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-8582
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-11 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-windowschromemacoslinux_kernelChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2025-8581
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.40%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8580
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.38%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8579
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.38%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8578
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-windowschromemacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2025-8577
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.38%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8576
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-windowschromemacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2025-8292
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.80%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 01:18
Updated-01 Aug, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Microsoft CorporationGoogle LLC
Product-chromemacoswindowslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2025-8011
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.19%
||
7 Day CHG+0.01%
Published-22 Jul, 2025 | 21:11
Updated-30 Jul, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-windowsmacoslinux_kernelchromeChrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-8010
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.19%
||
7 Day CHG+0.01%
Published-22 Jul, 2025 | 21:11
Updated-29 Jul, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-windowsmacoslinux_kernelchromeChrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-7657
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.94%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 18:12
Updated-16 Jul, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2025-6558
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.11%
||
7 Day CHG-0.00%
Published-15 Jul, 2025 | 18:12
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-08-12||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromeChromium
CWE ID-CWE-20
Improper Input Validation
CVE-2025-7656
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.94%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 18:12
Updated-16 Jul, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2025-6554
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-0.21% / 43.97%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 21:14
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-07-23||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Google LLCLinux Kernel Organization, Inc
Product-chromemacoslinux_kernelwindowsChromeChromium V8
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-6557
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.71%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 20:03
Updated-15 Jul, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2025-6556
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 20:03
Updated-02 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-6555
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.16%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 20:03
Updated-02 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-6192
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG+0.02%
Published-18 Jun, 2025 | 18:16
Updated-03 Jul, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-6191
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.35%
||
7 Day CHG+0.01%
Published-18 Jun, 2025 | 18:16
Updated-03 Jul, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2025-5959
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.05% / 16.42%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 00:54
Updated-16 Jun, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-5958
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 00:54
Updated-16 Jun, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-5068
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 23:36
Updated-05 Jun, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-5419
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.02% / 76.33%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 23:36
Updated-20 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-26||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumchromeChromeChromium V8
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5067
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 20.19%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-29 May, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-5283
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 25.52%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-31 May, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-5281
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-29 May, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-5066
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.20%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-29 May, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-5065
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.20%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-29 May, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-5064
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-29 May, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-5280
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.29%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-29 May, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5063
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.16%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:43
Updated-02 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-4664
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.58%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:41
Updated-06 Jun, 2025 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromeChromium
CVE-2025-4372
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.09%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 21:35
Updated-28 May, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-4052
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 13.93%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 18:10
Updated-28 May, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-838
Inappropriate Encoding for Output Context
CVE-2025-4051
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 10.39%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 18:10
Updated-28 May, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-284
Improper Access Control
CVE-2025-4050
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.69%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 18:10
Updated-28 May, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4096
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 18:10
Updated-28 May, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-3620
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.10% / 29.11%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 20:57
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2025-3619
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.82%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 20:57
Updated-15 Jul, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-3074
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.98%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:42
Updated-21 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-3073
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.98%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:42
Updated-21 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 41
  • 42
  • Next