cbcvebase.

Google Chrome vulnerabilities

4,380 known vulnerabilities affecting google/chrome.

Total CVEs
4,380
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN2

Vulnerabilities

Page 23 of 219
CVE-2026-5914HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5914 [HIGH] CWE-843 CVE-2026-5914: Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a us Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
nvd
CVE-2026-5907HIGHCVSS 8.1≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5907 [HIGH] CWE-125 CVE-2026-5907: Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attac Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)
nvd
CVE-2026-5868HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5868 [HIGH] CWE-122 CVE-2026-5868: Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attack Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5913HIGHCVSS 8.1fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5913 [HIGH] CWE-125 CVE-2026-5913: Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to per Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2026-5858HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5858 [HIGH] CWE-122 CVE-2026-5858: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to e Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-5884HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5884 [HIGH] CWE-20 CVE-2026-5884: Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-5908HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5908 [HIGH] CWE-472 CVE-2026-5908: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
nvd
CVE-2026-5871HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5871 [HIGH] CWE-843 CVE-2026-5871: Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5863HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5863 [HIGH] CWE-284 CVE-2026-5863: Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5910HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5910 [HIGH] CWE-472 CVE-2026-5910: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
nvd
CVE-2026-5862HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5862 [HIGH] CVE-2026-5862: Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5915HIGHCVSS 8.1fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5915 [HIGH] CWE-20 CVE-2026-5915: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
nvd
CVE-2026-5873HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5873 [HIGH] CWE-125 CVE-2026-5873: Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5859HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5859 [HIGH] CWE-472 CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-5861HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5861 [HIGH] CWE-416 CVE-2026-5861: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5860HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5860 [HIGH] CWE-416 CVE-2026-5860: Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5865HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5865 [HIGH] CWE-843 CVE-2026-5865: Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-5877HIGHCVSS 8.8≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5877 [HIGH] CWE-416 CVE-2026-5877: Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ex Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2026-5904HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5904 [HIGH] CWE-416 CVE-2026-5904: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a use Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
nvd
CVE-2026-5879HIGHCVSS 8.8fixed in 147.0.7727.55≥ 147.0.7727.55, < 147.0.7727.552026-04-08
CVE-2026-5879 [HIGH] CWE-20 CVE-2026-5879: Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 a Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
nvd
← Previous23 / 219Next →