Vulnerabilities > Google > Chrome > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-12 CVE-2022-0097 Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
network
low complexity
google fedoraproject
critical
9.6
2021-12-23 CVE-2021-38013 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
critical
9.6
2021-11-23 CVE-2021-38002 Use After Free vulnerability in multiple products
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6
2021-11-02 CVE-2020-6492 Use After Free vulnerability in Google Chrome
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-416
critical
9.6
2021-11-02 CVE-2021-37981 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-787
critical
9.6
2021-10-08 CVE-2021-37973 Use After Free vulnerability in multiple products
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6
2021-10-08 CVE-2021-30633 Use After Free vulnerability in multiple products
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
critical
9.6
2021-08-03 CVE-2021-30571 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-863
critical
9.6
2021-04-26 CVE-2021-21226 Use After Free vulnerability in multiple products
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
9.6
2021-04-26 CVE-2021-21201 Use After Free vulnerability in multiple products
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
9.6