CVE Daily
← All tags

Tag: Google Chrome

All CVEs associated with "Google Chrome". Page 4/40 • 4704 CVEs.

Subscribe CVEs: RSS for “Google Chrome”  ·  RSS (High+Critical only)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-06
High

CVE-2026-7927

Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2026-7926

Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7925

Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Hi…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2026-7924

Uninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security…

CVSS: 6.5 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
High

CVE-2026-7923

Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…

CVSS: 8.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2026-7922

Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7921

Use after free in Passwords in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7920

Use after free in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7919

Use after free in Aura in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7918

Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7917

Use after free in Fullscreen in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7916

Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-7915

Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-7914

Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cra…

CVSS: 8.3 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2026-7913

Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severi…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2026-7912

Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page.…

CVSS: 4.2 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
High

CVE-2026-7911

Use after free in Aura in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2026-7910

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security…

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
Low

CVE-2026-7909

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…

CVSS: 3.1 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Critical

CVE-2026-7908

Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7907

Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7906

Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7905

Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sand…

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-7904

Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-7903

Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…

CVSS: 8.8 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
High

CVE-2026-7902

Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2026-7901

Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7900

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…

CVSS: 8.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-7899

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-7898

Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7897

Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML p…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7896

Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
2026-05-03
Medium

CVE-2026-7686

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activa…

CVSS: 5.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2026-04-28
High

CVE-2026-7363

Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security s…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7361

Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Low

CVE-2026-7360

Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…

CVSS: 3.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-7359

Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7358

Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chro…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7356

Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7355

Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7354

Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-7353

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…

CVSS: 8.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-7352

Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
Low

CVE-2026-7351

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium se…

CVSS: 3.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2026-7350

Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7349

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium se…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7348

Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7347

Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7346

Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Hi…

CVSS: 8.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2026-7345

Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox esc…

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-7344

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7343

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7342

Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7341

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2026-7340

Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: M…

CVSS: 4.3 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
High

CVE-2026-7339

Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-7338

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium securi…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7337

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2026-7336

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7335

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-7334

Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
2026-04-23
High

CVE-2026-6921

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

CVSS: 8.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2026-6920

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…

CVSS: 9.6 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2026-6919

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…

CVSS: 9.6 CWE: CWE-416 - Use After Free View on NVD
2026-04-22
Medium

CVE-2026-31192

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-40451

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject mal…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2026-04-15
Medium

CVE-2026-6364

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security se…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-6363

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2026-6362

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H…

CVSS: 4.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a…

CVSS: 8.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6359

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTM…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6358

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critic…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6319

Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6318

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6317

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6316

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6315

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craf…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6314

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chr…

CVSS: 8.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Low

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.…

CVSS: 3.1 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2026-6312

Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML p…

CVSS: 3.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2026-6311

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…

CVSS: 8.3 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
High

CVE-2026-6310

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6309

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6308

Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-6307

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2026-6306

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-6305

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-6304

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6302

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6301

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2026-6300

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-6299

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2026-6298

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…

CVSS: 4.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-6297

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2026-6296

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 9.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2026-04-08
Medium

CVE-2026-5919

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-5918

Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page…

CVSS: 4.3 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2026-5915

Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secur…

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-5914

Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Ext…

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2026-5913

Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-5912

Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

CVSS: 8.8 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
Medium

CVE-2026-5911

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

CVSS: 4.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2026-5910

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

CVSS: 8.8 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
High

CVE-2026-5909

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

CVSS: 8.8 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
High

CVE-2026-5908

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

CVSS: 8.8 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD
High

CVE-2026-5907

Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity:…

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium securit…

CVSS: 4.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2026-5905

Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

CVSS: 6.5 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
High

CVE-2026-5904

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Exte…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2026-5903

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted…

CVSS: 6.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Critical

CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium…

CVSS: 9.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2026-5901

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions fo…

CVSS: 6.5 CWE: CWE-602 - Client-Side Enforcement of Server-Side Security View on NVD
Medium

CVE-2026-5900

Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)

CVSS: 4.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2026-5899

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scri…

CVSS: 6.1 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2026-5898

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVSS: 4.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2026-5897

Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML p…

CVSS: 4.3 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD