Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
61
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 10 of 199
CVE-2026-3536HIGHCVSS 8.8fixed in 145.0.7632.159fixed in 145.0.7632.160+1 more2026-03-04
CVE-2026-3536 [HIGH] CWE-472 CVE-2026-3536: Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to pote
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5nvd
CVE-2026-3544HIGHCVSS 8.8fixed in 145.0.7632.159fixed in 145.0.7632.160+1 more2026-03-04
CVE-2026-3544 [HIGH] CWE-122 CVE-2026-3544: Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3540HIGHCVSS 8.8fixed in 145.0.7632.159fixed in 145.0.7632.160+1 more2026-03-04
CVE-2026-3540 [HIGH] CWE-125 CVE-2026-3540: Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote a
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3543HIGHCVSS 8.8fixed in 145.0.7632.159fixed in 145.0.7632.160+1 more2026-03-04
CVE-2026-3543 [HIGH] CWE-284 CVE-2026-3543: Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacke
Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3542HIGHCVSS 8.8fixed in 145.0.7632.159fixed in 145.0.7632.160+1 more2026-03-04
CVE-2026-3542 [HIGH] CWE-284 CVE-2026-3542: Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remot
Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3537HIGHCVSS 8.8fixed in 145.0.7632.159≥ 145.0.7632.159, < 145.0.7632.1592026-03-04
CVE-2026-3537 [HIGH] CWE-787 CVE-2026-3537: Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remo
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5nvd
CVE-2026-3539HIGHCVSS 8.8fixed in 145.0.7632.159≥ 145.0.7632.159, < 145.0.7632.1592026-03-04
CVE-2026-3539 [HIGH] CWE-1091 CVE-2026-3539: Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3062CRITICALCVSS 9.8fixed in 145.0.7632.116fixed in 145.0.7632.117+1 more2026-02-23
CVE-2026-3062 [CRITICAL] CWE-125 CVE-2026-3062: Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remot
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3061CRITICALCVSS 9.1fixed in 145.0.7632.116fixed in 145.0.7632.117+1 more2026-02-23
CVE-2026-3061 [CRITICAL] CWE-125 CVE-2026-3061: Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to pe
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3063MEDIUMCVSS 5.4fixed in 145.0.7632.116fixed in 145.0.7632.117+1 more2026-02-23
CVE-2026-3063 [MEDIUM] CVE-2026-3063: Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacke
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-2648HIGHCVSS 8.8fixed in 145.0.7632.109≥ 145.0.7632.109, < 145.0.7632.1092026-02-18
CVE-2026-2648 [HIGH] CWE-122 CVE-2026-2648: Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-2650HIGHCVSS 8.8fixed in 145.0.7632.109≥ 145.0.7632.109, < 145.0.7632.1092026-02-18
CVE-2026-2650 [HIGH] CWE-122 CVE-2026-2650: Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to
Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-2649HIGHCVSS 8.8fixed in 145.0.7632.109≥ 145.0.7632.109, < 145.0.7632.1092026-02-18
CVE-2026-2649 [HIGH] CWE-472 CVE-2026-2649: Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potenti
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-2441HIGHCVSS 8.8KEVfixed in 145.0.7632.75fixed in 145.0.7632.76+1 more2026-02-13
CVE-2026-2441 [HIGH] CWE-416 CVE-2026-2441: Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute a
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-2313HIGHCVSS 8.8fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2313 [HIGH] CWE-416 CVE-2026-2313: Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potential
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-2319HIGHCVSS 7.5fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2319 [HIGH] CWE-362 CVE-2026-2319: Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a u
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-2321HIGHCVSS 8.8fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2321 [HIGH] CWE-416 CVE-2026-2321: Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convin
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-2314HIGHCVSS 8.8fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2314 [HIGH] CWE-122 CVE-2026-2314: Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-2315HIGHCVSS 8.8fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2315 [HIGH] CVE-2026-2315: Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote atta
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-2318MEDIUMCVSS 6.5fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2318 [MEDIUM] CWE-451 CVE-2026-2318: Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a r
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd