Google Chrome vulnerabilities
4,380 known vulnerabilities affecting google/chrome.
Total CVEs
4,380
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN2
Vulnerabilities
Page 12 of 219
CVE-2026-8570MEDIUMCVSS 6.5fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8570 [MEDIUM] CWE-843 CVE-2026-8570: Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain po
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8566MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8566 [MEDIUM] CWE-284 CVE-2026-8566: Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allo
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8528MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8528 [MEDIUM] CWE-20 CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8563MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8563 [MEDIUM] CWE-693 CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.16
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8516MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8516 [MEDIUM] CWE-20 CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168
Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-8565MEDIUMCVSS 4.7fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8565 [MEDIUM] CWE-451 CVE-2026-8565: Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an
Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
nvd
CVE-2026-8550MEDIUMCVSS 6.5fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8550 [MEDIUM] CWE-416 CVE-2026-8550: Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who
Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8561MEDIUMCVSS 5.4fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8561 [MEDIUM] CWE-451 CVE-2026-8561: Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attack
Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8586MEDIUMCVSS 5.5fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8586 [MEDIUM] CWE-284 CVE-2026-8586: Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)
nvd
CVE-2026-8560MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8560 [MEDIUM] CWE-122 CVE-2026-8560: Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed
Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8583MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8583 [MEDIUM] CWE-693 CVE-2026-8583: Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8546MEDIUMCVSS 5.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8546 [MEDIUM] CWE-125 CVE-2026-8546: Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remo
Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8564MEDIUMCVSS 4.2fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8564 [MEDIUM] CWE-451 CVE-2026-8564: Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allow
Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8562MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8562 [MEDIUM] CWE-1300 CVE-2026-8562: Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a re
Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8584MEDIUMCVSS 4.2v148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8584 [MEDIUM] CWE-451 CVE-2026-8584: Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remo
Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8567MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8567 [MEDIUM] CWE-472 CVE-2026-8567: Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attac
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8559MEDIUMCVSS 4.3fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8559 [MEDIUM] CWE-472 CVE-2026-8559: Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed
Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8568LOWCVSS 3.1fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8568 [LOW] CWE-693 CVE-2026-8568: Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote atta
Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-8536LOWCVSS 3.1fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8536 [LOW] CWE-20 CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.777
Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-8553LOWCVSS 3.1fixed in 148.0.7778.168≥ 148.0.7778.168, < 148.0.7778.1682026-05-14
CVE-2026-8553 [LOW] CWE-416 CVE-2026-8553: Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had com
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
nvd