cbcvebase.

Google Chrome vulnerabilities

4,380 known vulnerabilities affecting google/chrome.

Total CVEs
4,380
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN2

Vulnerabilities

Page 11 of 219
CVE-2026-8519HIGHCVSS 8.8fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8519 [HIGH] CWE-472 CVE-2026-8519: Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attac Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-8523HIGHCVSS 8.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8523 [HIGH] CWE-416 CVE-2026-8523: Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had co Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8532HIGHCVSS 8.8fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8532 [HIGH] CWE-472 CVE-2026-8532: Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execut Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8551HIGHCVSS 8.8fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8551 [HIGH] CWE-416 CVE-2026-8551: Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who c Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8509HIGHCVSS 8.8fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8509 [HIGH] CWE-122 CVE-2026-8509: Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-8525HIGHCVSS 8.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8525 [HIGH] CWE-122 CVE-2026-8525: Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attac Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8524HIGHCVSS 8.8fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8524 [HIGH] CWE-787 CVE-2026-8524: Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker t Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8512HIGHCVSS 8.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8512 [HIGH] CWE-416 CVE-2026-8512: Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-8521HIGHCVSS 7.5fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8521 [HIGH] CWE-416 CVE-2026-8521: Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to e Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
nvd
CVE-2026-8513HIGHCVSS 8.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8513 [HIGH] CWE-416 CVE-2026-8513: Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacke Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-8544HIGHCVSS 8.8fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8544 [HIGH] CWE-416 CVE-2026-8544: Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execut Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8576MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8576 [MEDIUM] CWE-942 CVE-2026-8576: Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8582MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8582 [MEDIUM] CWE-664 CVE-2026-8582: Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8537MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8537 [MEDIUM] CWE-942 CVE-2026-8537: Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8539MEDIUMCVSS 5.4fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8539 [MEDIUM] CWE-94 CVE-2026-8539: Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remot Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8543MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8543 [MEDIUM] CWE-125 CVE-2026-8543: Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote at Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8538MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8538 [MEDIUM] CWE-20 CVE-2026-8538: Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8535MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8535 [MEDIUM] CWE-125 CVE-2026-8535: Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)
nvd
CVE-2026-8541MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8541 [MEDIUM] CWE-125 CVE-2026-8541: Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8552MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8552 [MEDIUM] CWE-122 CVE-2026-8552: Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote att Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
nvd
← Previous11 / 219Next →
Google Chrome vulnerabilities | cvebase