Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Google | Chromium Mojo

CVE-2025-2783

Google Chromium Mojo Sandbox Escape Vulnerability: Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-27
Due Date: 2025-04-17

Additional Notes

Google | Chromium V8

CVE-2024-7965

Google Chromium V8 Inappropriate Implementation Vulnerability: Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-358

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-28
Due Date: 2024-09-18

Additional Notes

Google | Chromium V8

CVE-2024-7971

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-26
Due Date: 2024-09-16

Additional Notes

Google | Chromium V8

CVE-2024-5274

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-05-28
Due Date: 2024-06-18

Additional Notes

Google | Chromium V8

CVE-2024-4947

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-05-20
Due Date: 2024-06-10

Additional Notes

Google | Chromium V8

CVE-2024-4761

Google Chromium V8 Out-of-Bounds Memory Write Vulnerability: Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-05-16
Due Date: 2024-06-06

Additional Notes

Google | Chromium

CVE-2024-4671

Google Chromium Visuals Use-After-Free Vulnerability: Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-05-13
Due Date: 2024-06-03

Additional Notes

Google | Chromium V8

CVE-2023-4762

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-02-06
Due Date: 2024-02-27

Additional Notes

Google | Chromium V8

CVE-2024-0519

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability: Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-17
Due Date: 2024-02-07

Additional Notes

Google | Chromium WebRTC

CVE-2023-7024

Google Chromium WebRTC Heap Buffer Overflow Vulnerability: Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-02
Due Date: 2024-01-23

Additional Notes

Google | Chromium Skia

CVE-2023-6345

Google Skia Integer Overflow Vulnerability: Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-30
Due Date: 2023-12-21

Additional Notes

Google | Chromium libvpx

CVE-2023-5217

Google Chromium libvpx Heap Buffer Overflow Vulnerability: Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-02
Due Date: 2023-10-23

Additional Notes

Google | Chromium WebP

CVE-2023-4863

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability: Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-09-13
Due Date: 2023-10-04

Additional Notes

Google | Chromium V8

CVE-2023-3079

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-06-07
Due Date: 2023-06-28

Additional Notes

Google | Chromium Skia

CVE-2023-2136

Google Chrome Skia Integer Overflow Vulnerability: Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-04-21
Due Date: 2023-05-12

Additional Notes

Google | Chromium V8

CVE-2023-2033

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-04-17
Due Date: 2023-05-08

Additional Notes

Google | Chromium Network Service

CVE-2022-3038

Google Chromium Network Service Use-After-Free Vulnerability: Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-30
Due Date: 2023-04-20

Additional Notes

Google | Chromium V8

CVE-2022-4262

Related CWEs: CWE-122| CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-12-05
Due Date: 2022-12-26

Additional Notes

Google | Chromium GPU

CVE-2022-4135

Google Chromium GPU Heap Buffer Overflow Vulnerability: Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-11-28
Due Date: 2022-12-19

Additional Notes

Google | Chromium V8

CVE-2022-3723

Related CWEs: CWE-122| CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-10-28
Due Date: 2022-11-18

Additional Notes

Google | Chromium Mojo

CVE-2022-3075

Google Chromium Mojo Insufficient Data Validation Vulnerability: Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

Google | Chromium Intents

CVE-2022-2856

Google Chromium Intents Insufficient Input Validation Vulnerability: Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-18
Due Date: 2022-09-08

Additional Notes

Google | Chromium PopupBlocker

CVE-2021-30533

Google Chromium PopupBlocker Security Bypass Vulnerability: Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-27
Due Date: 2022-07-18

Additional Notes

Google | Chromium V8

CVE-2019-5825

Google Chromium V8 Out-of-Bounds Write Vulnerability: Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chromium V8

CVE-2016-1646

Google Chromium V8 Out-of-Bounds Read Vulnerability: Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chromium V8

CVE-2016-5198

Google Chromium V8 Out-of-Bounds Memory Vulnerability: Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-125| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chromium V8

CVE-2017-5030

Google Chromium V8 Memory Corruption Vulnerability: Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chromium V8

CVE-2017-5070

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chromium V8

CVE-2018-17463

Google Chromium V8 Remote Code Execution Vulnerability: Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chromium V8

CVE-2018-17480

Google Chromium V8 Out-of-Bounds Write Vulnerability: Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chromium V8

CVE-2018-6065

Google Chromium V8 Integer Overflow Vulnerability: Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-190| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Google | Chrome WebAudio

CVE-2019-13720

Google Chrome WebAudio Use-After-Free Vulnerability: Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Google | Chrome Blink

CVE-2019-5786

Google Chrome Blink Use-After-Free Vulnerability: Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Google | Chromium V8

CVE-2022-1364

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Google | Pixel

CVE-2021-39793

Google Pixel Out-of-Bounds Write Vulnerability: Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-11
Due Date: 2022-05-02

Additional Notes

Google | Chromium V8

CVE-2022-1096

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Google | Chromium Animation

CVE-2022-0609

Google Chromium Animation Use-After-Free Vulnerability: Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-03-01

Additional Notes

Google | Chrome Media

CVE-2020-6572

Google Chrome Media Use-After-Free Vulnerability: Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-07-10

Additional Notes

Google | Chromium V8

CVE-2021-4102

Google Chromium V8 Use-After-Free Vulnerability: Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-15
Due Date: 2021-12-29

Additional Notes

Google | Chromium Portals

CVE-2021-37973

Google Chromium Portals Use-After-Free Vulnerability: Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chrome FreeType

CVE-2020-15999

Google Chrome FreeType Heap Buffer Overflow Vulnerability: Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2021-21148

Google Chromium V8 Heap Buffer Overflow Vulnerability: Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium Indexed DB API

CVE-2021-30633

Google Chromium Indexed DB API Use-After-Free Vulnerability: Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2020-16013

Google Chromium V8 Incorrect Implementation Vulnerabililty: Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Google | Chromium V8

CVE-2021-30632

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2020-16009

Related CWEs: CWE-787| CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Google | Chromium

CVE-2021-37976

Google Chromium Information Disclosure Vulnerability: Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-862

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chrome

CVE-2020-16017

Google Chrome Use-After-Free Vulnerability: Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Google | Chromium

CVE-2021-21166

Google Chromium Race Condition Vulnerability: Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-122| CWE-362

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chrome for Android UI

CVE-2020-16010

Google Chrome for Android UI Heap Buffer Overflow Vulnerability: Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Google | Chromium V8

CVE-2021-30551

Related CWEs: CWE-122| CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2021-37975

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2020-6418

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Google | Chromium WebGL

CVE-2021-30554

Google Chromium WebGL Use-After-Free Vulnerability: Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium Blink

CVE-2021-21206

Google Chromium Blink Use-After-Free Vulnerability: Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium Intents

CVE-2021-38000

Google Chromium Intents Improper Input Validation Vulnerability: Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2021-38003

Google Chromium V8 Memory Corruption Vulnerability: Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-122| CWE-755

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2021-21224

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium Blink

CVE-2021-21193

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2021-21220

Google Chromium V8 Improper Input Validation Vulnerability: Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-20| CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Google | Chromium V8

CVE-2021-30563

Related CWEs: CWE-122| CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates