Every CVE whose affected-product data names Google Chrome Os, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (67)
CVE-2011-4719 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook…
CVE-2011-2171 — CVSS 10.0 (critical): Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.
CVE-2011-3420 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook…
CVE-2011-3421 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook…
CVE-2014-1708 — CVSS 10.0 (critical): The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers…
CVE-2013-2833 — CVSS 10.0 (critical): Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of…
CVE-2011-0471 — CVSS 10.0 (critical): The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers…
CVE-2011-1306 — CVSS 10.0 (critical): Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack…
CVE-2011-4548 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook…
CVE-2011-0473 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in…
CVE-2011-0474 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in…
CVE-2011-0476 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory…
CVE-2011-0477 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows…
CVE-2011-0478 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to…
CVE-2013-0915 — CVSS 10.0 (critical): The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other…
CVE-2014-3188 — CVSS 10.0 (critical): Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which…
CVE-2012-4050 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook…
CVE-2012-3290 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and…
CVE-2012-2864 — CVSS 10.0 (critical): Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the…
CVE-2012-1418 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook…
CVE-2011-0485 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to…
CVE-2012-0695 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook…
CVE-2025-6179 — CVSS 9.8 (critical): Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable…
CVE-2011-0481 — CVSS 9.3 (critical): Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service…
CVE-2011-0472 — CVSS 9.3 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows…
CVE-2011-0475 — CVSS 9.3 (critical): Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial…
CVE-2011-0480 — CVSS 9.3 (critical): Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before…
CVE-2014-3180 — CVSS 9.1 (critical): In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read…
CVE-2025-2073 — CVSS 8.8 (high): Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to…
CVE-2016-5169 — CVSS 8.8 (high): Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have…
CVE-2022-2743 — CVSS 8.8 (high): Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced…
CVE-2025-1568 — CVSS 8.8 (high): Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered…
CVE-2025-1290 — CVSS 8.1 (high): A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS…
CVE-2025-2509 — CVSS 7.8 (high): Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the…
CVE-2019-16508 — CVSS 7.8 (high): The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers…
CVE-2017-15400 — CVSS 7.8 (high): Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command…
CVE-2014-1707 — CVSS 7.5 (high): Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors.
CVE-2011-0484 — CVSS 7.5 (high): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers…
CVE-2010-4574 — CVSS 7.5 (high): The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux…
CVE-2012-5129 — CVSS 7.5 (high): Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of…
CVE-2011-0479 — CVSS 7.5 (high): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers…
CVE-2013-0927 — CVSS 7.5 (high): Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc…
CVE-2014-1706 — CVSS 7.5 (high): crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors.
CVE-2010-4578 — CVSS 7.5 (high): Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to…
CVE-2014-1710 — CVSS 7.5 (high): The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google…
CVE-2014-1711 — CVSS 7.5 (high): The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2010-4577 — CVSS 7.5 (high): The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS…
CVE-2025-1566 — CVSS 7.5 (high): DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS…
CVE-2025-6177 — CVSS 7.4 (high): Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain…
CVE-2017-15397 — CVSS 7.4 (high): Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network…
CVE-2011-2169 — CVSS 7.2 (high): Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and…
CVE-2025-1121 — CVSS 6.8 (medium): Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with…
CVE-2025-1704 — CVSS 6.5 (medium): ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access…
CVE-2025-6044 — CVSS 6.1 (medium): An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices…
CVE-2013-2832 — CVSS 5.0 (medium): The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized…
CVE-2011-0470 — CVSS 5.0 (medium): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote…
CVE-2011-0483 — CVSS 5.0 (medium): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling…
CVE-2010-4576 — CVSS 5.0 (medium): browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly…
CVE-2013-2834 — CVSS 5.0 (medium): Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows…
CVE-2013-2835 — CVSS 5.0 (medium): Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows…
CVE-2011-2170 — CVSS 4.4 (medium): Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has…
CVE-2013-2866 — CVSS 4.3 (medium): The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly…
CVE-2011-0482 — CVSS 4.3 (medium): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling…
CVE-2011-1042 — CVSS 4.3 (medium): Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to…
CVE-2010-4575 — CVSS 4.3 (medium): The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before…
CVE-2017-5084 — CVSS 3.3 (low): Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via…