Google Chrome vulnerabilities
4,807 known vulnerabilities affecting google/chrome.
Total CVEs
4,807
CISA KEV
74
actively exploited
Public exploits
65
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN429
Vulnerabilities
Page 28 of 241
CVE-2026-9878HIGHCVSS 8.8fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9878 [HIGH] CWE-416 CVE-2026-9878: Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execut
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9893HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9893 [HIGH] CWE-416 CVE-2026-9893: Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had co
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9884HIGHCVSS 8.8fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9884 [HIGH] CWE-416 CVE-2026-9884: Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker
Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9907MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9907 [MEDIUM] CWE-125 CVE-2026-9907: Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote atta
Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9919MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9919 [MEDIUM] CWE-125 CVE-2026-9919: Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote att
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9942MEDIUMCVSS 5.0fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9942 [MEDIUM] CWE-457 CVE-2026-9942: Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who ha
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9929MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9929 [MEDIUM] CWE-200 CVE-2026-9929: Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a
Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9882MEDIUMCVSS 6.5fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9882 [MEDIUM] CWE-472 CVE-2026-9882: Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9903MEDIUMCVSS 5.0fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9903 [MEDIUM] CWE-20 CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.21
Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. (Chromium security severity: High)
nvd
CVE-2026-9979MEDIUMCVSS 5.0fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9979 [MEDIUM] CWE-20 CVE-2026-9979: Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed
Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-10008MEDIUMCVSS 6.5fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-10008 [MEDIUM] CWE-457 CVE-2026-10008: Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attack
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9955MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9955 [MEDIUM] CWE-200 CVE-2026-9955: Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote
Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9981MEDIUMCVSS 6.5fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9981 [MEDIUM] CWE-200 CVE-2026-9981: Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attac
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9912MEDIUMCVSS 6.5fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9912 [MEDIUM] CWE-200 CVE-2026-9912: Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a re
Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9908MEDIUMCVSS 6.5fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9908 [MEDIUM] CWE-125 CVE-2026-9908: Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to ob
Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9943MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9943 [MEDIUM] CWE-125 CVE-2026-9943: Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote att
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9930MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9930 [MEDIUM] CWE-787 CVE-2026-9930: Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacke
Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9989MEDIUMCVSS 6.3fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9989 [MEDIUM] CWE-346 CVE-2026-9989: Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote atta
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)
nvd
CVE-2026-10010MEDIUMCVSS 5.0fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-10010 [MEDIUM] CWE-346 CVE-2026-10010: Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a
Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9913MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9913 [MEDIUM] CWE-125 CVE-2026-9913: Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote atta
Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd