Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
61
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 11 of 199
CVE-2026-2322MEDIUMCVSS 5.4fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2322 [MEDIUM] CWE-451 CVE-2026-2322: Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-2317MEDIUMCVSS 6.5fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2317 [MEDIUM] CWE-200 CVE-2026-2317: Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote a
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-2320MEDIUMCVSS 6.5fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2320 [MEDIUM] CWE-451 CVE-2026-2320: Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-2316MEDIUMCVSS 6.5fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2316 [MEDIUM] CWE-451 CVE-2026-2316: Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote a
Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-2323MEDIUMCVSS 4.3fixed in 145.0.7632.45≥ 145.0.7632.45, < 145.0.7632.452026-02-11
CVE-2026-2323 [MEDIUM] CWE-451 CVE-2026-2323: Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote a
Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-1862HIGHCVSS 8.8fixed in 144.0.7559.132≥ 144.0.7559.132, < 144.0.7559.1322026-02-03
CVE-2026-1862 [HIGH] CWE-843 CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potential
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-1861HIGHCVSS 8.8fixed in 144.0.7559.132≥ 144.0.7559.132, < 144.0.7559.1322026-02-03
CVE-2026-1861 [HIGH] CWE-122 CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-1504MEDIUMCVSS 6.5fixed in 144.0.7559.110≥ 144.0.7559.110, < 144.0.7559.1102026-01-27
CVE-2026-1504 [MEDIUM] CVE-2026-1504: Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowe
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-0906CRITICALCVSS 9.8fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0906 [CRITICAL] CWE-451 CVE-2026-0906: Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-0905CRITICALCVSS 9.8fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0905 [CRITICAL] CWE-200 CVE-2026-0905: Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-0907CRITICALCVSS 9.8fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0907 [CRITICAL] CWE-451 CVE-2026-0907: Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacke
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-0899HIGHCVSS 8.8fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0899 [HIGH] CWE-125 CVE-2026-0899: Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-0900HIGHCVSS 8.8fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0900 [HIGH] CVE-2026-0900: Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-0902HIGHCVSS 8.8fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0902 [HIGH] CWE-474 CVE-2026-0902: Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-0908HIGHCVSS 8.8fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0908 [HIGH] CWE-416 CVE-2026-0908: Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potenti
Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-0904MEDIUMCVSS 5.4fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0904 [MEDIUM] CWE-451 CVE-2026-0904: Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remot
Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-0901MEDIUMCVSS 5.4fixed in 144.0.7559.59≥ 144.0.7559.59, < 144.0.7559.592026-01-20
CVE-2026-0901 [MEDIUM] CWE-451 CVE-2026-0901: Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a r
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-0903MEDIUMCVSS 5.4fixed in 144.0.7559.59fixed in 144.0.7559.60+1 more2026-01-20
CVE-2026-0903 [MEDIUM] CWE-20 CVE-2026-0903: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-0628HIGHCVSS 8.8fixed in 143.0.7499.192≥ 143.0.7499.192, < 143.0.7499.1922026-01-07
CVE-2026-0628 [HIGH] CWE-862 CVE-2026-0628: Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an a
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
cvelistv5nvd
CVE-2025-14766HIGHCVSS 8.8fixed in 143.0.7499.146≥ 143.0.7499.147, < 143.0.7499.1472025-12-16
CVE-2025-14766 [HIGH] CWE-125 CVE-2025-14766: Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacke
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd