Google Chrome vulnerabilities

CVE-2026-5874 CWE-416 CVE-2026-5874: Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who co Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5902 CWE-362 CVE-2026-5902: Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had c Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5912 [HIGH] CWE-472 CVE-2026-5912: Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perf Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5872 CWE-416 CVE-2026-5872: Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5914 [HIGH] CWE-843 CVE-2026-5914: Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a us Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

CVE-2026-5884 CWE-20 CVE-2026-5884: Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5907 [HIGH] CWE-125 CVE-2026-5907: Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attac Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)

CVE-2026-5868 CWE-122 CVE-2026-5868: Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attack Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5913 CWE-125 CVE-2026-5913: Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to per Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5858 CWE-122 CVE-2026-5858: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to e Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-5909 [HIGH] CWE-472 CVE-2026-5909: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

CVE-2026-5859 CWE-472 CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-5908 [HIGH] CWE-472 CVE-2026-5908: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

CVE-2026-5871 CWE-843 CVE-2026-5871: Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5863 CVE-2026-5863: Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5910 [HIGH] CWE-472 CVE-2026-5910: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

CVE-2026-5862 CVE-2026-5862: Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5915 [HIGH] CWE-20 CVE-2026-5915: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5873 CVE-2026-5873: Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5870 CWE-472 CVE-2026-5870: Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)