Google Chrome vulnerabilities

CVE-2026-5879 CWE-20 CVE-2026-5879: Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 a Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5861 CWE-416 CVE-2026-5861: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5877 CWE-416 CVE-2026-5877: Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ex Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5860 CWE-416 CVE-2026-5860: Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5865 CWE-843 CVE-2026-5865: Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5866 [HIGH] CWE-416 CVE-2026-5866: Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5904 CWE-416 CVE-2026-5904: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a use Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

CVE-2026-5878 CVE-2026-5878: Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5889 CVE-2026-5889: Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read pot Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)

CVE-2026-5899 CVE-2026-5899: Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowe Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5864 CWE-122 CVE-2026-5864: Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker t Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5906 [MEDIUM] CWE-451 CVE-2026-5906: Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5900 CVE-2026-5900: Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypa Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5887 CWE-20 CVE-2026-5887: Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7 Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5898 CVE-2026-5898: Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5897 CVE-2026-5897: Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5891 CVE-2026-5891: Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5893 CWE-362 CVE-2026-5893: Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5895 CVE-2026-5895: Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)

CVE-2026-5880 CVE-2026-5880: Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)