cbcvebase.

Google Chrome vulnerabilities

4,380 known vulnerabilities affecting google/chrome.

Total CVEs
4,380
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN2

Vulnerabilities

Page 22 of 219
CVE-2026-6301HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6301 [HIGH] CWE-843 CVE-2026-6301: Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to exe Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6300HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6300 [HIGH] CWE-416 CVE-2026-6300: Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6308HIGHCVSS 7.5fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6308 [HIGH] CWE-125 CVE-2026-6308: Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who c Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6304HIGHCVSS 8.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6304 [HIGH] CWE-416 CVE-2026-6304: Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6310HIGHCVSS 8.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6310 [HIGH] CWE-416 CVE-2026-6310: Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had co Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6297HIGHCVSS 8.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6297 [HIGH] CWE-416 CVE-2026-6297: Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-6316HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6316 [HIGH] CWE-416 CVE-2026-6316: Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6363HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6363 [HIGH] CWE-843 CVE-2026-6363: Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potential Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-6360HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6360 [HIGH] CWE-416 CVE-2026-6360: Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to p Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6314HIGHCVSS 8.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6314 [HIGH] CWE-787 CVE-2026-6314: Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6306HIGHCVSS 8.8fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6306 [HIGH] CWE-122 CVE-2026-6306: Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
nvd
CVE-2026-6364MEDIUMCVSS 6.5fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6364 [MEDIUM] CWE-125 CVE-2026-6364: Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obt Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)
nvd
CVE-2026-6362MEDIUMCVSS 4.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6362 [MEDIUM] CWE-416 CVE-2026-6362: Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to poten Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)
nvd
CVE-2026-6298MEDIUMCVSS 4.3fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6298 [MEDIUM] CWE-122 CVE-2026-6298: Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to o Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-6313LOWCVSS 3.1≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6313 [LOW] CWE-284 CVE-2026-6313: Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote at Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-6312LOWCVSS 3.1fixed in 147.0.7727.101≥ 147.0.7727.101, < 147.0.7727.1012026-04-15
CVE-2026-6312 [LOW] CWE-284 CVE-2026-6312: Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remo Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5902CRITICALCVSS 9.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5902 [CRITICAL] CWE-362 CVE-2026-5902: Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had c Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2026-5874CRITICALCVSS 9.6fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5874 [CRITICAL] CWE-416 CVE-2026-5874: Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who co Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-5912HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5912 [HIGH] CWE-472 CVE-2026-5912: Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perf Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2026-5872HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5872 [HIGH] CWE-416 CVE-2026-5872: Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
← Previous22 / 219Next →
Google Chrome vulnerabilities | cvebase