chromedriver

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting chromedriverpage 1 of 1

CVE-2016-10579HIGHCVSS 8.1✓ Fixed in 2.25.2
2018-06-01
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out …
CVE-2023-26156MEDIUMCVSS 5.6EG 5.6✓ Fixed in 119.0.1
2023-11-09
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host …

Check whether chromedriver is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for chromedriver CVEs against the assets you own.

Start Free Scan →