Google Chrome vulnerabilities

4,380 known vulnerabilities affecting google/chrome.

Total CVEs

4,380

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN2

Vulnerabilities

Page 16 of 219

CVE-2026-7970HIGHCVSS 8.3fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7970 [HIGH] CWE-416 CVE-2026-7970: Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who ha Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2026-7899HIGHCVSS 8.8fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7899 [HIGH] CWE-125 CVE-2026-7899: Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2026-8002HIGHCVSS 8.8fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-8002 [HIGH] CWE-416 CVE-2026-8002: Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2026-7951HIGHCVSS 8.8≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7951 [HIGH] CWE-787 CVE-2026-7951: Out of bounds write in WebRTC in Google Chrome prior to 148 Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

cvelistv5

CVE-2026-7956HIGHCVSS 8.3≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7956 [HIGH] CWE-416 CVE-2026-7956: Use after free in Navigation in Google Chrome prior to 148 Use after free in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

cvelistv5

CVE-2026-8001HIGHCVSS 8.3fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-8001 [HIGH] CWE-416 CVE-2026-8001: Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2026-7990HIGHCVSS 7.8fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7990 [HIGH] CWE-20 CVE-2026-7990: Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.777 Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

nvd

CVE-2026-7958MEDIUMCVSS 5.4≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7958 [MEDIUM] CVE-2026-7958: Inappropriate implementation in ServiceWorker in Google Chrome prior to 148 Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

cvelistv5

CVE-2026-8021MEDIUMCVSS 4.2fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-8021 [MEDIUM] CWE-94 CVE-2026-8021: Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinc Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2026-8019MEDIUMCVSS 5.4fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-8019 [MEDIUM] CWE-451 CVE-2026-8019: Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote a Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2026-7993MEDIUMCVSS 4.2fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7993 [MEDIUM] CWE-20 CVE-2026-7993: Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.77 Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2026-7961MEDIUMCVSS 4.3≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7961 [MEDIUM] CWE-20 CVE-2026-7961: Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148 Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)

cvelistv5

CVE-2026-7942MEDIUMCVSS 4.3fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7942 [MEDIUM] CWE-472 CVE-2026-7942: Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2026-7983MEDIUMCVSS 4.3fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7983 [MEDIUM] CWE-125 CVE-2026-7983: Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2026-7932MEDIUMCVSS 4.4fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7932 [MEDIUM] CWE-693 CVE-2026-7932: Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

nvd

CVE-2026-7998MEDIUMCVSS 5.4fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7998 [MEDIUM] CWE-20 CVE-2026-7998: Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2026-7953MEDIUMCVSS 6.1≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7953 [MEDIUM] CWE-20 CVE-2026-7953: Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)

cvelistv5

CVE-2026-7912MEDIUMCVSS 4.2fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7912 [MEDIUM] CWE-472 CVE-2026-7912: Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

nvd

CVE-2026-8010MEDIUMCVSS 6.3fixed in 148.0.7778.96≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-8010 [MEDIUM] CWE-20 CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

nvd

CVE-2026-7960MEDIUMCVSS 5.3≥ 148.0.7778.96, < 148.0.7778.962026-05-06

CVE-2026-7960 [MEDIUM] CWE-362 CVE-2026-7960: Race in Speech in Google Chrome prior to 148 Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

cvelistv5

← Previous16 / 219Next →