Google Chrome vulnerabilities
4,807 known vulnerabilities affecting google/chrome.
Total CVEs
4,807
CISA KEV
74
actively exploited
Public exploits
65
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN429
Vulnerabilities
Page 27 of 241
CVE-2026-10006HIGHCVSS 7.5fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-10006 [HIGH] CWE-362 CVE-2026-10006: Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbit
Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9906HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9906 [HIGH] CWE-787 CVE-2026-9906: Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who ha
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9946HIGHCVSS 8.3fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9946 [HIGH] CWE-416 CVE-2026-9946: Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had c
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9998HIGHCVSS 8.3fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9998 [HIGH] CWE-472 CVE-2026-9998: Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9905HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9905 [HIGH] CWE-416 CVE-2026-9905: Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote
Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9983HIGHCVSS 8.8fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9983 [HIGH] CWE-843 CVE-2026-9983: Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute
Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9892HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9892 [HIGH] CWE-269 CVE-2026-9892: Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a r
Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9961HIGHCVSS 8.8fixed in 148.0.7778.215fixed in 148.0.7778.216+1 more2026-05-28
CVE-2026-9961 [HIGH] CWE-416 CVE-2026-9961: Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9974HIGHCVSS 8.3fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9974 [HIGH] CWE-787 CVE-2026-9974: Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who ha
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9941HIGHCVSS 8.8fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9941 [HIGH] CWE-416 CVE-2026-9941: Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execut
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9890HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9890 [HIGH] CWE-416 CVE-2026-9890: Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker w
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9947HIGHCVSS 8.8fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9947 [HIGH] CWE-416 CVE-2026-9947: Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute
Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9938HIGHCVSS 8.8fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9938 [HIGH] CWE-94 CVE-2026-9938: Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacke
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9916HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9916 [HIGH] CWE-787 CVE-2026-9916: Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9988HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9988 [HIGH] CWE-416 CVE-2026-9988: Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker
Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9922HIGHCVSS 7.5fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9922 [HIGH] CWE-416 CVE-2026-9922: Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who
Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9990HIGHCVSS 7.5fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9990 [HIGH] CWE-416 CVE-2026-9990: Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote at
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9932HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9932 [HIGH] CWE-416 CVE-2026-9932: Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacke
Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9972HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9972 [HIGH] CWE-457 CVE-2026-9972: Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attack
Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9945HIGHCVSS 8.8fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9945 [HIGH] CWE-416 CVE-2026-9945: Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacke
Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd