Google Chrome - 4704 CVEs (Page 1/40)

About “Google Chrome”

A curated feed of “Google Chrome”-related CVEs appears below. We currently track 4704 CVEs for this tag (all time). In the last 365 days, 807 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-20 - Improper Input Validation, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: chrome

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
148	2026-05-05	-	2026-06-05 Soon
147	2026-04-07	-	2026-05-05 Expired
146	2026-03-10	-	2026-04-07 Expired
145	2026-02-10	-	2026-03-10 Expired
144	2026-01-13	-	2026-02-10 Expired
143	2025-12-02	-	2026-01-13 Expired
142	2025-10-28	-	2025-12-02 Expired
141	2025-09-30	-	2025-10-28 Expired
140	2025-09-02	-	2025-09-30 Expired
139	2025-08-05	-	2025-09-02 Expired
138	2025-06-24	-	2025-08-05 Expired
137	2025-05-27	-	2025-06-24 Expired
136	2025-04-29	-	2025-05-27 Expired
135	2025-04-01	-	2025-04-29 Expired
134	2025-03-04	-	2025-04-01 Expired
133	2025-02-04	-	2025-03-04 Expired
132	2025-01-14	-	2025-02-04 Expired
131	2024-11-12	-	2025-01-14 Expired
130	2024-10-15	-	2024-11-12 Expired
129	2024-09-17	-	2024-10-15 Expired
128	2024-08-20	-	2024-09-17 Expired
127	2024-07-23	-	2024-08-20 Expired
126	2024-06-11	-	2024-07-23 Expired
125	2024-05-14	-	2024-06-11 Expired
124	2024-04-16	-	2024-05-14 Expired
123	2024-03-19	-	2024-04-16 Expired
122	2024-02-20	-	2024-03-19 Expired
121	2024-01-23	-	2024-02-20 Expired
120	2023-12-05	-	2024-01-23 Expired
119	2023-10-31	-	2023-12-05 Expired
118	2023-10-10	-	2023-10-31 Expired
117	2023-09-12	-	2023-10-10 Expired
116	2023-08-15	-	2023-09-12 Expired
115	2023-07-18	-	2023-08-15 Expired
114	2023-05-30	-	2023-07-18 Expired
113	2023-05-02	-	2023-05-30 Expired
112	2023-04-04	-	2023-05-02 Expired
111	2023-03-07	-	2023-04-04 Expired
110	2023-02-07	-	2023-03-07 Expired
109	2023-01-10	-	2023-02-07 Expired
108	2022-11-29	-	2023-01-10 Expired
107	2022-10-25	-	2022-11-29 Expired
106	2022-09-27	-	2022-10-25 Expired
105	2022-08-30	-	2022-09-27 Expired
104	2022-08-02	-	2022-08-30 Expired
103	2022-06-21	-	2022-08-02 Expired
102	2022-05-24	-	2022-06-21 Expired
101	2022-04-26	-	2022-05-24 Expired
100	2022-03-29	-	2022-04-26 Expired
99	2022-03-01	-	2022-03-29 Expired
98	2022-02-01	-	2022-03-01 Expired
97	2022-01-04	-	2022-02-01 Expired
96	2021-11-16	-	2022-01-04 Expired
95	2021-10-19	-	2021-11-16 Expired
94	2021-09-21	-	2021-10-19 Expired
93	2021-08-31	-	2021-09-21 Expired
92	2021-07-20	-	2021-08-31 Expired
91	2021-05-25	-	2021-07-20 Expired
90	2021-04-13	-	2021-05-25 Expired
89	2021-03-02	-	2021-04-13 Expired
88	2021-01-19	-	2021-03-02 Expired
87	2020-11-17	-	2021-01-19 Expired
86	2020-10-06	-	2020-11-17 Expired
85	2020-08-25	-	2020-10-06 Expired
84	2020-07-14	-	2020-08-25 Expired
83	2020-05-19	-	2020-07-14 Expired
81	2020-04-07	-	2020-05-19 Expired
80	2020-02-04	-	2020-04-07 Expired
79	2019-12-10	-	2020-02-04 Expired
78	2019-10-22	-	2019-12-10 Expired
77	2019-09-10	-	2019-10-22 Expired
76	2019-07-30	-	2019-09-10 Expired
75	2019-06-04	-	2019-07-30 Expired
74	2019-04-23	-	2019-06-04 Expired
73	2019-03-12	-	2019-04-23 Expired
72	2019-01-29	-	2019-03-12 Expired
71	2018-12-04	-	2019-01-29 Expired
70	2018-10-16	-	2018-12-04 Expired
69	2018-09-04	-	2018-10-16 Expired
68	2018-07-24	-	2018-09-04 Expired
67	2018-05-29	-	2018-07-24 Expired
66	2018-04-17	-	2018-05-29 Expired
65	2018-03-06	-	2018-04-17 Expired
64	2018-01-23	-	2018-03-06 Expired
63	2017-12-05	-	2018-01-23 Expired
62	2017-10-17	-	2017-12-05 Expired
61	2017-09-05	-	2017-10-17 Expired
60	2017-07-25	-	2017-09-05 Expired
59	2017-05-30	-	2017-07-25 Expired
58	2017-04-18	-	2017-05-30 Expired
57	2017-03-07	-	2017-04-18 Expired
56	2017-01-24	-	2017-03-07 Expired
55	2016-11-29	-	2017-01-24 Expired
54	2016-10-11	-	2016-11-29 Expired
53	2016-08-30	-	2016-10-11 Expired
52	2016-07-19	-	2016-08-30 Expired
51	2016-05-24	-	2016-07-19 Expired
50	2016-04-12	-	2016-05-24 Expired
49	2016-03-01	-	2016-04-12 Expired
48	2016-01-19	-	2016-03-01 Expired
47	2015-11-17	-	2016-01-19 Expired
46	2015-10-06	-	2015-11-17 Expired
45	2015-08-25	-	2015-10-06 Expired
44	2015-07-14	-	2015-08-25 Expired
43	2015-05-19	-	2015-07-14 Expired
42	2015-04-07	-	2015-05-19 Expired
41	2015-02-24	-	2015-04-07 Expired
40	2015-01-13	-	2015-02-24 Expired
39	2014-11-11	-	2015-01-13 Expired
38	2014-09-30	-	2014-11-11 Expired
37	2014-08-19	-	2014-09-30 Expired
36	2014-06-24	-	2014-08-19 Expired
35	2014-05-13	-	2014-06-24 Expired
34	2014-04-01	-	2014-05-13 Expired
33	2014-02-18	-	2014-04-01 Expired
32	2014-01-07	-	2014-02-18 Expired
31	2013-11-05	-	2014-01-07 Expired
30	2013-09-24	-	2013-11-05 Expired
29	2013-08-13	-	2013-09-24 Expired
28	2013-06-25	-	2013-08-13 Expired
27	2013-05-07	-	2013-06-25 Expired
26	2013-03-26	-	2013-05-07 Expired
25	2013-02-12	-	2013-03-26 Expired
24	2012-12-18	-	2013-02-12 Expired
23	2012-10-30	-	2012-12-18 Expired
22	2012-09-18	-	2012-10-30 Expired
21	2012-08-07	-	2012-09-18 Expired
20	2012-06-19	-	2012-08-07 Expired
19	2012-04-24	-	2012-06-19 Expired
18	2012-03-13	-	2012-04-24 Expired
17	2012-01-31	-	2012-03-13 Expired
16	2011-12-06	-	2012-01-31 Expired
15	2011-10-18	-	2011-12-06 Expired
14	2011-09-06	-	2011-10-18 Expired
13	2011-07-26	-	2011-09-06 Expired
12	2011-05-31	-	2011-07-26 Expired
11	2011-04-19	-	2011-05-31 Expired
10	2011-03-08	-	2011-04-19 Expired
9	2011-01-25	-	2011-03-08 Expired
8	2010-11-30	-	2011-01-25 Expired
7	2010-10-12	-	2010-11-30 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Google Chrome” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2026-06-03

Unknown

CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).

CVSS: N/A CWE: N/A View on NVD

Unknown

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…

CVSS: N/A CWE: N/A View on NVD

Unknown

CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no…

CVSS: N/A CWE: N/A View on NVD

Unknown

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…

CVSS: N/A CWE: N/A View on NVD

Unknown

CVE-2026-8878

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that…

CVSS: N/A CWE: N/A View on NVD

Unknown

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.

CVSS: N/A CWE: N/A View on NVD

Unknown

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension…

CVSS: N/A CWE: N/A View on NVD

2026-06-01

High

CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path componen…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2026-05-28

High

CVE-2026-9999

Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2026-9998

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (…

CVSS: 8.3 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD

High

CVE-2026-9997

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9996

Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9995

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9994

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9993

Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. (Ch…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9992

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Low

CVE-2026-9991

Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

High

CVE-2026-9990

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruptio…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9989

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)

CVSS: 6.3 CWE: CWE-346 - Origin Validation Error View on NVD

High

CVE-2026-9988

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9987

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium sec…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via…

CVSS: 4.2 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2026-9985

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensi…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-9984

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9983

Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD

High

CVE-2026-9982

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2026-9981

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chrom…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

Medium

CVE-2026-9980

Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a craft…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2026-9979

Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-9978

Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9977

Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a…

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-9976

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2026-9975

Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…

CVSS: 8.3 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9974

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…

CVSS: 8.3 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9973

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9972

Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H…

CVSS: 8.3 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

Medium

CVE-2026-9971

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTM…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

High

CVE-2026-9970

Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9969

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-9968

Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD

Critical

CVE-2026-9967

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 9.6 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9966

Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…

CVSS: 8.3 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD

High

CVE-2026-9965

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9964

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Ex…

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9963

Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox vi…

CVSS: 7.5 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

High

CVE-2026-9962

Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9961

Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9960

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font fi…

CVSS: 7.5 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD

Low

CVE-2026-9959

Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS: 3.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

High

CVE-2026-9958

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9957

Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9956

Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML pag…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9955

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

High

CVE-2026-9954

Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a craft…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9953

Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9952

Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9951

Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

Low

CVE-2026-9950

Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a…

CVSS: 3.1 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-9949

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9948

Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9947

Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9946

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9945

Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Low

CVE-2026-9944

Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec…

CVSS: 3.1 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

Medium

CVE-2026-9943

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2026-9942

Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium secu…

CVSS: 5.0 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

High

CVE-2026-9941

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9940

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2026-9939

Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2026-9938

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2026-9937

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9936

Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9935

Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

High

CVE-2026-9934

Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Ch…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9933

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9932

Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9931

Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9930

Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Hi…

CVSS: 4.3 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2026-9929

Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hig…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

High

CVE-2026-9928

Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9927

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9926

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa…

CVSS: 8.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2026-9925

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9924

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf…

CVSS: 8.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2026-9923

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9922

Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium s…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9921

Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

Low

CVE-2026-9920

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chr…

CVSS: 3.1 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

Medium

CVE-2026-9919

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD

Critical

CVE-2026-9918

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H…

CVSS: 9.6 CWE: CWE-269 - Improper Privilege Management View on NVD

Medium

CVE-2026-9917

Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chro…

CVSS: 6.5 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

High

CVE-2026-9916

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…

CVSS: 8.3 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9915

CVSS: 8.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2026-9914

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2026-9913

Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security…

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2026-9912

Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML pa…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

Medium

CVE-2026-9911

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD

High

CVE-2026-9910

Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9909

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page…

CVSS: 7.5 CWE: CWE-472 - External Control of Assumed-Immutable Web Parameter View on NVD

Medium

CVE-2026-9908

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2026-9907

Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9906

CVSS: 8.3 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9905

Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9904

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2026-9903

Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-9902

Use after free in Accessibility in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9901

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium securi…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9900

CVSS: 8.3 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9899

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9898

Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb…

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2026-9897

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9896

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2026-9895

Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…

CVSS: 8.3 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9894

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9893

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9892

Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…

CVSS: 8.3 CWE: CWE-269 - Improper Privilege Management View on NVD

Critical

CVE-2026-9891

Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome E…

CVSS: 9.0 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9890

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2026-9889

Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security…

CVSS: 8.3 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2026-9888

Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…

CVSS: 8.3 CWE: CWE-416 - Use After Free View on NVD