threat
engine
.sh
Back
·
··:··
Home
/
Product
/
google chrome os
Product
google chrome os
67 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-6044
all versions
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus
6.1
MEDIUM
CVE-2025-6179
all versions
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker
9.8
CRITICAL
CVE-2025-6177
all versions
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker
7.4
HIGH
CVE-2025-2509
all versions
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within
7.8
HIGH
CVE-2025-1290
all versions
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on Chrome
8.1
HIGH
CVE-2025-2073
all versions
Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privi
8.8
HIGH
CVE-2025-1704
all versions
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with loca
6.5
MEDIUM
CVE-2025-1568
all versions
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a re
8.8
HIGH
CVE-2025-1566
all versions
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext D
7.5
HIGH
CVE-2025-1121
all versions
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker w
6.8
MEDIUM
CVE-2022-2743
all versions
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who c
8.8
HIGH
CVE-2014-3180
all versions
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bou
9.1
CRITICAL
CVE-2019-16508
< r74-11895.b
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows
7.8
HIGH
CVE-2016-5179
< 53.0.2785.144
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
9.8
CRITICAL
CVE-2017-15400
< 62.0.3202.74
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a c
7.8
HIGH
CVE-2017-15397
< 62.0.3202.74
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged netw
7.4
HIGH
CVE-2017-5084
< 59.0.3071.92
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local file
3.3
LOW
CVE-2016-5169
<= 52.0.2743.116
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possi
8.8
HIGH
CVE-2014-3188
<= 38.0.2125.77
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8,
CVE-2014-1711
<= 33.0.1750.149
The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of
CVE-2014-1710
<= 33.0.1750.149
The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Go
CVE-2014-1708
<= 33.0.1750.149
The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote
CVE-2014-1707
<= 33.0.1750.149
Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors.
CVE-2014-1706
<= 33.0.1750.149
crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors.
CVE-2013-2866
all versions
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not
CVE-2013-2835
<= 26.0.1410.56
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which all
CVE-2013-2834
<= 26.0.1410.56
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which all
CVE-2013-2833
<= 26.0.1410.56
Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial
CVE-2013-2832
<= 26.0.1410.56
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent unini
CVE-2013-0927
<= 26.0.1410.56
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pa
CVE-2013-0915
<= 25.0.1364.172
The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecifie
CVE-2012-5129
<= 21.0.1180.57
Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denia
CVE-2012-2864
all versions
Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, a
CVE-2012-4050
<= 21.0.1180.49
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromeboo
CVE-2012-3290
<= 20.0.1132.21
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebo
CVE-2012-1418
<= 17.0.963.59
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook
CVE-2012-0695
<= 17.0.963.26
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook
CVE-2011-4719
<= 16.0.912.62
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook
CVE-2011-4548
<= 16.0.912.43
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook
CVE-2011-3421
<= 14.0.835.124
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromeboo
CVE-2011-3420
<= 14.0.835.156
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromeboo
CVE-2011-2171
<= 0.12.433.35
Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vecto
CVE-2011-2170
<= 0.12.433.35
Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which
CVE-2011-2169
<= 0.12.433.35
Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf fi
CVE-2011-1306
<= 0.10.156.36
Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and att
CVE-2011-1042
<= 0.9.126.0
Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attac
CVE-2011-0485
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attacker
CVE-2011-0484
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote at
CVE-2011-0483
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during
CVE-2011-0482
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during
CVE-2011-0481
< 8.0.552.344
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of
CVE-2011-0480
< 8.0.552.344
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome
CVE-2011-0479
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote at
CVE-2011-0478
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote att
CVE-2011-0477
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which al
CVE-2011-0476
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memor
CVE-2011-0475
< 8.0.552.344
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause
CVE-2011-0474
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequen
CVE-2011-0473
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequen
CVE-2011-0472
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allo
CVE-2011-0471
< 8.0.552.344
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle po
CVE-2011-0470
< 8.0.552.344
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows rem
CVE-2010-4578
< 8.0.552.343
Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote att
CVE-2010-4577
< 8.0.552.343
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chro
7.5
HIGH
CVE-2010-4576
< 8.0.552.343
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not prope
CVE-2010-4575
< 8.0.552.343
The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome bef
CVE-2010-4574
< 8.0.552.343
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin