Google Chrome vulnerabilities
4,380 known vulnerabilities affecting google/chrome.
Total CVEs
4,380
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN2
Vulnerabilities
Page 21 of 219
CVE-2026-7360LOWCVSS 3.1fixed in 147.0.7727.138≥ 147.0.7727.138, < 147.0.7727.1382026-04-28
CVE-2026-7360 [LOW] CWE-20 CVE-2026-7360: Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138
Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-7351LOWCVSS 3.1fixed in 147.0.7727.138≥ 147.0.7727.138, < 147.0.7727.1382026-04-28
CVE-2026-7351 [LOW] CWE-362 CVE-2026-7351: Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to i
Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)
nvd
CVE-2026-6920CRITICALCVSS 9.6fixed in 147.0.7727.116≥ 147.0.7727.117, < 147.0.7727.1172026-04-23
CVE-2026-6920 [CRITICAL] CWE-125 CVE-2026-6920: Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attac
Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6919CRITICALCVSS 9.6fixed in 147.0.7727.116≥ 147.0.7727.117, < 147.0.7727.1172026-04-23
CVE-2026-6919 [CRITICAL] CWE-416 CVE-2026-6919: Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who ha
Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6921HIGHCVSS 8.3fixed in 147.0.7727.116≥ 147.0.7727.117, < 147.0.7727.1172026-04-23
CVE-2026-6921 [HIGH] CWE-362 CVE-2026-6921: Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potenti
Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
nvd
CVE-2026-6296CRITICALCVSS 9.6fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6296 [CRITICAL] CWE-122 CVE-2026-6296: Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-6303HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6303 [HIGH] CWE-416 CVE-2026-6303: Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execu
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6299HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6299 [HIGH] CWE-416 CVE-2026-6299: Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to ex
Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-6305HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6305 [HIGH] CWE-122 CVE-2026-6305: Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to
Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2026-6358HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6358 [HIGH] CWE-416 CVE-2026-6358: Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker t
Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-6359HIGHCVSS 8.8≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6359 [HIGH] CWE-416 CVE-2026-6359: Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacke
Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6315HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6315 [HIGH] CWE-416 CVE-2026-6315: Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote a
Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6318HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6318 [HIGH] CWE-416 CVE-2026-6318: Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execu
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-6311HIGHCVSS 8.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6311 [HIGH] CWE-457 CVE-2026-6311: Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a rem
Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6307HIGHCVSS 8.8≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6307 [HIGH] CWE-843 CVE-2026-6307: Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to exe
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6309HIGHCVSS 8.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6309 [HIGH] CWE-416 CVE-2026-6309: Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had com
Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6317HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6317 [HIGH] CWE-416 CVE-2026-6317: Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute
Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6302HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6302 [HIGH] CWE-416 CVE-2026-6302: Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut
Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6361HIGHCVSS 8.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6361 [HIGH] CWE-122 CVE-2026-6361: Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote
Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2026-6319HIGHCVSS 7.5fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6319 [HIGH] CWE-416 CVE-2026-6319: Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote atta
Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
nvd